CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-56265
8.8 HIGH

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a …

Sep 8, 2025
CVE-2025-10100
7.3 HIGH

A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /admin_class.php?action=login. Performing manipulation of the argument …

Sep 8, 2025
CVE-2025-59033
7.4 HIGH

The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the …

Sep 8, 2025
CVE-2025-56630
7.3 HIGH

FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Column.php file.

Sep 8, 2025
CVE-2025-55998
8.1 HIGH

A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web …

Sep 8, 2025
CVE-2025-40930
7.5 HIGH

JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other …

Sep 8, 2025
CVE-2025-40928
7.5 HIGH

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

Sep 8, 2025
CVE-2022-50238
7.4 HIGH

The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list …

Sep 8, 2025
CVE-2025-36855
8.8 HIGH

A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product …

Sep 8, 2025
CVE-2025-36854
8.1 HIGH

A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a …

Sep 8, 2025
CVE-2025-36853
7.5 HIGH

A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer …

Sep 8, 2025
CVE-2025-10092
7.3 HIGH

A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The …

Sep 8, 2025
CVE-2025-10091
7.3 HIGH

A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. …

Sep 8, 2025
CVE-2025-10090
7.3 HIGH

A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of …

Sep 8, 2025
CVE-2025-41708
7.4 HIGH

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit …

Sep 8, 2025
CVE-2025-41682
8.8 HIGH

An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.

Sep 8, 2025
CVE-2025-41664
7.5 HIGH

A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of …

Sep 8, 2025
CVE-2025-8085
8.6 HIGH

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

Sep 8, 2025
CVE-2025-10082
7.3 HIGH

A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument …

Sep 8, 2025
CVE-2025-10079
7.3 HIGH

A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of …

Sep 8, 2025
CVE-2025-10078
7.3 HIGH

A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID …

Sep 8, 2025
CVE-2025-10077
7.3 HIGH

A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the …

Sep 8, 2025
CVE-2025-10076
7.3 HIGH

A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument …

Sep 8, 2025
CVE-2025-39730
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle …

Sep 7, 2025
CVE-2025-39727
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setup_clusters() In setup_swap_map(), we only ensure badpages are …

Sep 7, 2025
CVE-2025-10068
7.3 HIGH

A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument …

Sep 7, 2025
CVE-2025-10062
7.3 HIGH

A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument …

Sep 6, 2025
CVE-2025-58445
7.5 HIGH

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through …

Sep 6, 2025
CVE-2025-58446
7.5 HIGH

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very …

Sep 6, 2025
CVE-2025-0032
7.2 HIGH

Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss …

Sep 6, 2025
CVE-2024-36354
7.5 HIGH

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant …

Sep 6, 2025
CVE-2024-36352
8.4 HIGH

Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial …

Sep 6, 2025
CVE-2024-36342
8.8 HIGH

Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.

Sep 6, 2025
CVE-2024-36326
8.4 HIGH

Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss …

Sep 6, 2025
CVE-2024-21947
7.5 HIGH

Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at …

Sep 6, 2025
CVE-2023-31325
7.2 HIGH

Improper isolation of shared resources on System-on-a-chip (SOC) could a privileged attacker to tamper with the contents of the PSP reserved DRAM region potentially resulting …

Sep 6, 2025
CVE-2023-31322
8.7 HIGH

Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially …

Sep 6, 2025
CVE-2025-10034
8.8 HIGH

A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the …

Sep 6, 2025
CVE-2025-10033
7.3 HIGH

A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument …

Sep 6, 2025
CVE-2025-10031
7.3 HIGH

A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. The manipulation …

Sep 6, 2025
CVE-2025-10030
7.3 HIGH

A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_receiving. Executing manipulation …

Sep 6, 2025
CVE-2025-7040
8.2 HIGH

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of …

Sep 6, 2025
CVE-2025-9515
7.2 HIGH

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all …

Sep 6, 2025
CVE-2025-58437
8.1 HIGH

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session …

Sep 6, 2025
CVE-2025-58374
7.8 HIGH

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that …

Sep 6, 2025
CVE-2025-7366
7.3 HIGH

The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, …

Sep 6, 2025
CVE-2025-58439
8.1 HIGH

ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left …

Sep 6, 2025
CVE-2021-26383
7.9 HIGH

Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading …

Sep 6, 2025
CVE-2025-58372
8.1 HIGH

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace …

Sep 5, 2025
CVE-2025-58370
8.1 HIGH

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where …

Sep 5, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.