CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-9566
8.1 HIGH

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete …

Sep 5, 2025
CVE-2025-10025
7.3 HIGH

A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument …

Sep 5, 2025
CVE-2025-39723
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix unbuffered write error handling If all the subrequests in an unbuffered write stream …

Sep 5, 2025
CVE-2025-39719
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access …

Sep 5, 2025
CVE-2025-39717
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit 7a54947e727b ('Merge patch …

Sep 5, 2025
CVE-2025-39711
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Both the ACE and …

Sep 5, 2025
CVE-2025-39710
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a …

Sep 5, 2025
CVE-2025-39702
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to …

Sep 5, 2025
CVE-2025-39701
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ACPI: pfr_update: Fix the driver update version check The security-version-number check should be used rather …

Sep 5, 2025
CVE-2025-39691
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: fix use-after-free when call bh_read() helper There's issue as follows: BUG: KASAN: stack-out-of-bounds in …

Sep 5, 2025
CVE-2025-39689
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ftrace: Also allocate and copy hash for reading of filter files Currently the reader of …

Sep 5, 2025
CVE-2025-39687
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to …

Sep 5, 2025
CVE-2025-39686
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples The `insn_rw_emulate_bits()` function is used as a default handler …

Sep 5, 2025
CVE-2025-39685
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: comedi: pcl726: Prevent invalid irq number The reproducer passed in an irq number(0x80008000) that was …

Sep 5, 2025
CVE-2025-39683
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written …

Sep 5, 2025
CVE-2025-39682
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either …

Sep 5, 2025
CVE-2025-39680
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer The data->block[0] variable comes from user. Without proper …

Sep 5, 2025
CVE-2025-38736
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception …

Sep 5, 2025
CVE-2025-38734
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix UAF on smcsk after smc_listen_out() BPF CI testing report a UAF issue: [ …

Sep 5, 2025
CVE-2025-38731
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, …

Sep 5, 2025
CVE-2025-30199
7.2 HIGH

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot …

Sep 5, 2025
CVE-2025-58214
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Indutri indutri allows PHP Local File Inclusion.This issue …

Sep 5, 2025
CVE-2025-58206
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue …

Sep 5, 2025
CVE-2025-57889
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion.This …

Sep 5, 2025
CVE-2025-53307
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder WordPress Assistant assistant allows Reflected XSS.This issue affects WordPress Assistant: from …

Sep 5, 2025
CVE-2025-48317
7.5 HIGH

Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay woocommerce-payment-gateway-for-saferpay allows Path Traversal.This issue affects WooCommerce Payment Gateway for Saferpay: from n/a …

Sep 5, 2025
CVE-2025-48104
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player floating-window-music-player allows Stored XSS.This issue affects Floating Window Music Player: from n/a through <= …

Sep 5, 2025
CVE-2025-32320
7.8 HIGH

In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of …

Sep 5, 2025
CVE-2025-32318
8.8 HIGH

In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with …

Sep 5, 2025
CVE-2025-58780
7.2 HIGH

index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately …

Sep 5, 2025
CVE-2025-58881
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection.This issue affects …

Sep 5, 2025
CVE-2025-58861
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through <= 1.4.9.

Sep 5, 2025
CVE-2025-58860
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Enable Latex enable-latex allows Stored XSS.This issue affects Enable Latex: from n/a through <= 1.2.16.

Sep 5, 2025
CVE-2025-58859
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Add to Feedly add-to-feedly allows Stored XSS.This issue affects Add to Feedly: from n/a through <= 1.2.11.

Sep 5, 2025
CVE-2025-58857
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Table of content content-table allows Stored XSS.This issue affects Table of content: …

Sep 5, 2025
CVE-2025-58855
7.1 HIGH

Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V (Artprima) AP HoneyPot WordPress Plugin ap-honeypot allows Reflected XSS.This issue affects AP …

Sep 5, 2025
CVE-2025-58854
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login ultimate-ajax-login allows Reflected XSS.This issue affects Ultimate AJAX Login: from n/a through <= 1.2.1.

Sep 5, 2025
CVE-2025-58853
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS.This issue affects Popping Sidebars and Widgets Light: from n/a …

Sep 5, 2025
CVE-2025-58852
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Mark O'Donnell MSTW League Manager mstw-league-manager allows Stored XSS.This issue affects MSTW League Manager: from n/a through <= 2.10.

Sep 5, 2025
CVE-2025-58849
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Deepak S Hide Real Download Path hide-real-download-path allows Stored XSS.This issue affects Hide Real Download Path: from n/a through …

Sep 5, 2025
CVE-2025-58848
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS.This issue affects WP likes: from n/a through <= 3.1.1.

Sep 5, 2025
CVE-2025-58847
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Yaidier WN Flipbox Pro wn-flipbox-pro allows Reflected XSS.This issue affects WN Flipbox Pro: from n/a through <= 2.1.

Sep 5, 2025
CVE-2025-58846
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected …

Sep 5, 2025
CVE-2025-58845
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS.This issue affects Bulk Watermark: from n/a through <= 1.6.10.

Sep 5, 2025
CVE-2025-58844
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel database-to-excel allows Stored XSS.This issue affects Database to Excel: from n/a through <= 1.0.

Sep 5, 2025
CVE-2025-58843
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video auto-last-youtube-video allows Stored XSS.This issue affects Auto Last Youtube Video: from n/a through …

Sep 5, 2025
CVE-2025-58839
7.2 HIGH

Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection.This issue affects eDS Responsive Menu: from n/a through <= 1.2.

Sep 5, 2025
CVE-2025-58833
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1.

Sep 5, 2025
CVE-2025-58815
7.2 HIGH

Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection.This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2.

Sep 5, 2025
CVE-2025-58809
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS.This issue affects To Lead For Salesforce: from n/a through …

Sep 5, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.