CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-58807
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Dsingh Purge Varnish Cache purge-varnish allows Stored XSS.This issue affects Purge Varnish Cache: from n/a through <= 2.6.

Sep 5, 2025
CVE-2025-58806
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Tom Longridge WordPress Error Monitoring by Bugsnag bugsnag allows Stored XSS.This issue affects WordPress Error Monitoring by Bugsnag: from …

Sep 5, 2025
CVE-2025-58789
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle WP Full Stripe Free wp-full-stripe-free allows SQL Injection.This issue affects …

Sep 5, 2025
CVE-2025-58788
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Blind SQL Injection.This …

Sep 5, 2025
CVE-2025-58296
7.5 HIGH

Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect function stability.

Sep 5, 2025
CVE-2025-58281
8.4 HIGH

Out-of-bounds read vulnerability in the runtime interpreter module. Impact: Successful exploitation of this vulnerability may affect availability.

Sep 5, 2025
CVE-2025-58280
8.4 HIGH

Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability.

Sep 5, 2025
CVE-2025-55671
7.8 HIGH

Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege …

Sep 5, 2025
CVE-2025-9990
8.1 HIGH

The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portal_type parameter. …

Sep 5, 2025
CVE-2025-58362
7.5 HIGH

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function …

Sep 5, 2025
CVE-2025-58179
7.2 HIGH

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: …

Sep 5, 2025
CVE-2025-55238
7.5 HIGH

Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

Sep 4, 2025
CVE-2025-58353
8.2 HIGH

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists …

Sep 4, 2025
CVE-2025-32322
7.8 HIGH

In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper …

Sep 4, 2025
CVE-2025-26439
7.8 HIGH

In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to …

Sep 4, 2025
CVE-2025-26431
7.8 HIGH

In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could …

Sep 4, 2025
CVE-2025-22414
7.8 HIGH

In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of …

Sep 4, 2025
CVE-2025-48581
8.4 HIGH

In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to …

Sep 4, 2025
CVE-2025-48563
7.8 HIGH

In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege …

Sep 4, 2025
CVE-2025-48558
7.8 HIGH

In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could …

Sep 4, 2025
CVE-2025-48556
7.3 HIGH

In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege …

Sep 4, 2025
CVE-2025-48553
7.8 HIGH

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to …

Sep 4, 2025
CVE-2025-48552
7.8 HIGH

In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to …

Sep 4, 2025
CVE-2025-48549
7.8 HIGH

In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to …

Sep 4, 2025
CVE-2025-48548
7.3 HIGH

In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could …

Sep 4, 2025
CVE-2025-48547
7.3 HIGH

In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of …

Sep 4, 2025
CVE-2025-48546
7.8 HIGH

In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation …

Sep 4, 2025
CVE-2025-48545
7.1 HIGH

In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to …

Sep 4, 2025
CVE-2025-48544
7.8 HIGH

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation …

Sep 4, 2025
CVE-2025-48543
8.8 HIGH KEV

In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead …

Sep 4, 2025
CVE-2025-48541
7.8 HIGH

In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to …

Sep 4, 2025
CVE-2025-48540
7.8 HIGH

In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to …

Sep 4, 2025
CVE-2025-48539
8.0 HIGH

In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code …

Sep 4, 2025
CVE-2025-48537
7.1 HIGH

In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure …

Sep 4, 2025
CVE-2025-48535
7.8 HIGH

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java , there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. …

Sep 4, 2025
CVE-2025-48534
8.8 HIGH

In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local denial …

Sep 4, 2025
CVE-2025-48533
7.0 HIGH

In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. …

Sep 4, 2025
CVE-2025-48532
7.3 HIGH

In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. This could lead to local escalation …

Sep 4, 2025
CVE-2025-48531
7.8 HIGH

In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of …

Sep 4, 2025
CVE-2025-48530
8.1 HIGH

In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code …

Sep 4, 2025
CVE-2025-48523
7.8 HIGH

In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead …

Sep 4, 2025
CVE-2025-48522
7.8 HIGH

In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This …

Sep 4, 2025
CVE-2025-32350
7.8 HIGH

In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege …

Sep 4, 2025
CVE-2025-32349
7.8 HIGH

In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional …

Sep 4, 2025
CVE-2025-32347
7.8 HIGH

In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation …

Sep 4, 2025
CVE-2025-32346
7.8 HIGH

In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of …

Sep 4, 2025
CVE-2025-32345
7.8 HIGH

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a …

Sep 4, 2025
CVE-2025-32333
7.8 HIGH

In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. This could lead to local escalation …

Sep 4, 2025
CVE-2025-32332
7.8 HIGH

In multiple locations, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no …

Sep 4, 2025
CVE-2025-32331
7.8 HIGH

In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to …

Sep 4, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.