CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-58642
7.2 HIGH

Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection.This issue affects LTL Freight Quotes – …

Sep 3, 2025
CVE-2025-58637
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart immonex-kickstart allows PHP Local File Inclusion.This …

Sep 3, 2025
CVE-2025-58608
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress mediapress allows PHP Local File Inclusion.This issue …

Sep 3, 2025
CVE-2025-58604
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: …

Sep 3, 2025
CVE-2025-57151
8.8 HIGH

phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter.

Sep 3, 2025
CVE-2025-57150
7.2 HIGH

phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter.

Sep 3, 2025
CVE-2025-57147
7.5 HIGH

A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including …

Sep 3, 2025
CVE-2025-57146
8.1 HIGH

phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter.

Sep 3, 2025
CVE-2025-2416
8.6 HIGH

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.This issue affects LimonDesk: from s1.02.14 before v1.02.17.

Sep 3, 2025
CVE-2025-26210
8.8 HIGH

DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that …

Sep 3, 2025
CVE-2024-13068
7.3 HIGH

Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing.This issue affects LimonDesk: from s1.02.14 before v1.02.17.

Sep 3, 2025
CVE-2025-53694
7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): …

Sep 3, 2025
CVE-2025-53691
8.8 HIGH

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from …

Sep 3, 2025
CVE-2025-2415
8.6 HIGH

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.This issue affects MyRezzta: from s2.03.01 before v2.05.01.

Sep 3, 2025
CVE-2024-43115
8.8 HIGH

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before …

Sep 3, 2025
CVE-2014-125127
7.5 HIGH

The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in …

Sep 3, 2025
CVE-2025-9817
7.8 HIGH

SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service

Sep 3, 2025
CVE-2023-21480
8.5 HIGH

Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities.

Sep 3, 2025
CVE-2023-21477
7.9 HIGH

Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.

Sep 3, 2025
CVE-2023-21476
8.0 HIGH

Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.

Sep 3, 2025
CVE-2023-21475
8.0 HIGH

Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.

Sep 3, 2025
CVE-2025-58176
8.8 HIGH

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code …

Sep 3, 2025
CVE-2025-9848
7.3 HIGH

A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such …

Sep 3, 2025
CVE-2025-58163
8.8 HIGH

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability …

Sep 3, 2025
CVE-2025-54588
7.5 HIGH

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 contain a …

Sep 3, 2025
CVE-2025-9839
7.3 HIGH

A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/course/index.php. Performing …

Sep 2, 2025
CVE-2025-9838
7.3 HIGH

A vulnerability was identified in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/index.php. Such manipulation of the argument …

Sep 2, 2025
CVE-2025-22442
7.0 HIGH

In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. …

Sep 2, 2025
CVE-2025-22439
7.3 HIGH

In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead …

Sep 2, 2025
CVE-2025-22438
7.8 HIGH

In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. …

Sep 2, 2025
CVE-2025-22437
7.8 HIGH

In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This …

Sep 2, 2025
CVE-2025-22434
7.8 HIGH

In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation …

Sep 2, 2025
CVE-2025-22433
7.8 HIGH

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a …

Sep 2, 2025
CVE-2025-22428
7.8 HIGH

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to …

Sep 2, 2025
CVE-2025-22427
7.3 HIGH

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. …

Sep 2, 2025
CVE-2025-22423
7.5 HIGH

In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote …

Sep 2, 2025
CVE-2025-22422
7.8 HIGH

In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be …

Sep 2, 2025
CVE-2025-22419
7.3 HIGH

In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could …

Sep 2, 2025
CVE-2025-22418
7.8 HIGH

In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution …

Sep 2, 2025
CVE-2025-22417
7.3 HIGH

In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation …

Sep 2, 2025
CVE-2025-22416
7.8 HIGH

In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local …

Sep 2, 2025
CVE-2024-49730
7.8 HIGH

In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional …

Sep 2, 2025
CVE-2024-49720
7.8 HIGH

In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in …

Sep 2, 2025
CVE-2024-40653
7.3 HIGH

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the …

Sep 2, 2025
CVE-2025-9837
7.3 HIGH

A vulnerability was determined in itsourcecode Student Information Management System 1.0. This issue affects some unknown processing of the file /admin/modules/student/index.php. This manipulation of the …

Sep 2, 2025
CVE-2025-9833
7.3 HIGH

A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation …

Sep 2, 2025
CVE-2025-9832
7.3 HIGH

A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of …

Sep 2, 2025
CVE-2025-9831
7.3 HIGH

A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. This impacts an unknown function of the file /admin/edit-services.php. This manipulation of the …

Sep 2, 2025
CVE-2025-9330
7.8 HIGH

Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of …

Sep 2, 2025
CVE-2025-9329
7.8 HIGH

Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Sep 2, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.