CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-7388
8.4 HIGH

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS …

Sep 4, 2025
CVE-2024-34598
7.7 HIGH

Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store.

Sep 4, 2025
CVE-2025-9938
8.8 HIGH

A weakness has been identified in D-Link DI-8400 16.07.26A1. The affected element is the function yyxz_dlink_asp of the file /yyxz.asp. This manipulation of the argument …

Sep 4, 2025
CVE-2025-9935
7.3 HIGH

A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. …

Sep 4, 2025
CVE-2025-9933
7.3 HIGH

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Such …

Sep 4, 2025
CVE-2025-9932
7.3 HIGH

A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/update-image.php. This …

Sep 4, 2025
CVE-2025-9930
7.3 HIGH

A security vulnerability has been detected in 1000projects Beauty Parlour Management System 1.0. This impacts an unknown function of the file /admin/contact-us.php. The manipulation of …

Sep 4, 2025
CVE-2025-9519
7.2 HIGH

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This …

Sep 4, 2025
CVE-2025-9518
7.2 HIGH

The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path' parameter in all versions …

Sep 4, 2025
CVE-2025-9517
7.2 HIGH

The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This …

Sep 4, 2025
CVE-2025-6984
7.5 HIGH

The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. …

Sep 4, 2025
CVE-2025-6085
7.2 HIGH

The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions …

Sep 4, 2025
CVE-2025-58358
7.5 HIGH

Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized …

Sep 4, 2025
CVE-2025-58355
7.7 HIGH

Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled …

Sep 4, 2025
CVE-2025-58057
7.5 HIGH

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, …

Sep 4, 2025
CVE-2025-36907
7.3 HIGH

In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of …

Sep 4, 2025
CVE-2025-36906
7.8 HIGH

In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of …

Sep 4, 2025
CVE-2025-36905
7.8 HIGH

In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of …

Sep 4, 2025
CVE-2025-36903
7.8 HIGH

In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution …

Sep 4, 2025
CVE-2025-36901
8.8 HIGH

WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.

Sep 4, 2025
CVE-2025-36899
8.4 HIGH

There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with …

Sep 4, 2025
CVE-2025-36898
7.8 HIGH

There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no …

Sep 4, 2025
CVE-2025-36895
7.5 HIGH

Information disclosure

Sep 4, 2025
CVE-2025-36894
7.5 HIGH

In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no …

Sep 4, 2025
CVE-2025-36892
7.5 HIGH

Denial of service

Sep 4, 2025
CVE-2025-36891
8.8 HIGH

Elevation of privilege

Sep 4, 2025
CVE-2025-36887
7.8 HIGH

In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Sep 4, 2025
CVE-2025-2417
8.6 HIGH

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass.This issue affects e-Mutabakat: from 2.02.06 before v2.02.06.

Sep 4, 2025
CVE-2025-2411
8.6 HIGH

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass.This issue affects TaskPano: from s1.06.04 before v1.06.06.

Sep 4, 2025
CVE-2024-56190
7.8 HIGH

In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege …

Sep 4, 2025
CVE-2025-9928
7.3 HIGH

A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation …

Sep 3, 2025
CVE-2025-9927
7.3 HIGH

A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the …

Sep 3, 2025
CVE-2025-58056
7.5 HIGH

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, …

Sep 3, 2025
CVE-2025-57833
7.1 HIGH

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, …

Sep 3, 2025
CVE-2025-55748
7.5 HIGH

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are …

Sep 3, 2025
CVE-2025-9926
7.3 HIGH

A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulation of the argument t1 …

Sep 3, 2025
CVE-2025-9925
7.3 HIGH

A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument …

Sep 3, 2025
CVE-2025-9365
7.8 HIGH

Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker …

Sep 3, 2025
CVE-2025-9924
7.3 HIGH

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /enquiry.php. The manipulation of the argument …

Sep 3, 2025
CVE-2025-36193
8.4 HIGH

IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the …

Sep 3, 2025
CVE-2025-56803
8.4 HIGH

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting …

Sep 3, 2025
CVE-2025-52494
7.5 HIGH

Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When …

Sep 3, 2025
CVE-2025-45805
7.6 HIGH

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered …

Sep 3, 2025
CVE-2025-9959
7.6 HIGH

Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt …

Sep 3, 2025
CVE-2025-9866
8.8 HIGH

Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium …

Sep 3, 2025
CVE-2025-9919
7.3 HIGH

A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument …

Sep 3, 2025
CVE-2025-55852
7.5 HIGH

Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g.

Sep 3, 2025
CVE-2025-0280
7.5 HIGH

A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access.

Sep 3, 2025
CVE-2025-58644
7.2 HIGH

Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition ltl-freight-quotes-tql-edition allows Object Injection.This issue affects LTL Freight Quotes - TQL Edition: …

Sep 3, 2025
CVE-2025-58643
7.2 HIGH

Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition ltl-freight-quotes-daylight-edition allows Object Injection.This issue affects LTL Freight Quotes – Daylight Edition: …

Sep 3, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.