CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-9712
8.8 HIGH

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. …

Sep 9, 2025
CVE-2025-55148
7.6 HIGH

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure …

Sep 9, 2025
CVE-2025-55147
8.8 HIGH

CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access …

Sep 9, 2025
CVE-2025-55145
8.9 HIGH

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure …

Sep 9, 2025
CVE-2025-55142
8.8 HIGH

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure …

Sep 9, 2025
CVE-2025-55141
8.8 HIGH

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure …

Sep 9, 2025
CVE-2025-52915
7.2 HIGH

K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through …

Sep 9, 2025
CVE-2025-52322
7.5 HIGH

An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request message to …

Sep 9, 2025
CVE-2025-33045
8.2 HIGH

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local …

Sep 9, 2025
CVE-2025-9364
8.8 HIGH

An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in …

Sep 9, 2025
CVE-2025-9166
7.5 HIGH

A denial-of-service security issue exists in the affected product and version. The security issue stems from the controller repeatedly attempting to forward messages. The issue …

Sep 9, 2025
CVE-2025-9161
8.8 HIGH

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, …

Sep 9, 2025
CVE-2025-9065
8.8 HIGH

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability …

Sep 9, 2025
CVE-2025-7970
7.5 HIGH

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This …

Sep 9, 2025
CVE-2025-48208
8.8 HIGH

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . The attacker needs to have an authenticated account …

Sep 9, 2025
CVE-2025-24404
8.8 HIGH

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and add …

Sep 9, 2025
CVE-2025-59017
8.8 HIGH

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend …

Sep 9, 2025
CVE-2025-41701
7.8 HIGH

An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These …

Sep 9, 2025
CVE-2025-40798
7.5 HIGH

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User …

Sep 9, 2025
CVE-2025-40797
7.5 HIGH

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User …

Sep 9, 2025
CVE-2025-40796
7.5 HIGH

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User …

Sep 9, 2025
CVE-2025-9539
8.0 HIGH

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due …

Sep 9, 2025
CVE-2025-10123
7.3 HIGH

A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of …

Sep 9, 2025
CVE-2025-42933
8.8 HIGH

When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads …

Sep 9, 2025
CVE-2025-42929
8.1 HIGH

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables …

Sep 9, 2025
CVE-2025-42916
8.1 HIGH

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables …

Sep 9, 2025
CVE-2025-10120
8.8 HIGH

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the …

Sep 9, 2025
CVE-2025-10118
7.3 HIGH

A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown function of the …

Sep 9, 2025
CVE-2025-10116
7.3 HIGH

A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The …

Sep 9, 2025
CVE-2025-10115
7.3 HIGH

A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes …

Sep 9, 2025
CVE-2025-10114
7.3 HIGH

A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the …

Sep 9, 2025
CVE-2025-58757
8.8 HIGH

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in …

Sep 9, 2025
CVE-2025-58756
8.8 HIGH

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in `model_dict = torch.load(full_path, …

Sep 9, 2025
CVE-2025-58755
8.8 HIGH

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function `zip_file.extractall(output_dir)` is used directly to process compressed files. …

Sep 9, 2025
CVE-2025-10113
7.3 HIGH

A security vulnerability has been detected in itsourcecode Student Information Management System 1.0. This affects an unknown function of the file /admin/modules/room/index.php. Such manipulation of …

Sep 9, 2025
CVE-2025-10112
7.3 HIGH

A weakness has been identified in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/department/index.php. This manipulation …

Sep 9, 2025
CVE-2025-58454
8.2 HIGH

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listar_despachos.php, in the …

Sep 8, 2025
CVE-2025-58453
8.2 HIGH

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibe_anexo.php, in …

Sep 8, 2025
CVE-2025-10111
7.3 HIGH

A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/instructor/index.php. The …

Sep 8, 2025
CVE-2025-10109
7.3 HIGH

A vulnerability was determined in Campcodes Online Loan Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_payment. Executing manipulation of the …

Sep 8, 2025
CVE-2025-57817
7.2 HIGH

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not …

Sep 8, 2025
CVE-2025-57816
7.5 HIGH

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, …

Sep 8, 2025
CVE-2025-10108
7.3 HIGH

A vulnerability was found in Campcodes Online Loan Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_loan. Performing manipulation of the argument …

Sep 8, 2025
CVE-2025-52288
7.5 HIGH

Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the Access and Mobility Management Function (AMF) component, in Open5GS thru 2.7.5 allowing attackers to cause a …

Sep 8, 2025
CVE-2025-52389
8.8 HIGH

An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via …

Sep 8, 2025
CVE-2025-10104
7.3 HIGH

A security vulnerability has been detected in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /review_search.php. The manipulation of …

Sep 8, 2025
CVE-2025-9112
8.8 HIGH

The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up …

Sep 8, 2025
CVE-2025-55849
8.4 HIGH

WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and the cancelTemplatee

Sep 8, 2025
CVE-2025-10103
7.3 HIGH

A weakness has been identified in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /home.php. Executing manipulation of the …

Sep 8, 2025
CVE-2025-10102
7.3 HIGH

A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown function of the file /index.php. Performing manipulation of …

Sep 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.