CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-9328
7.8 HIGH

Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Sep 2, 2025
CVE-2025-9326
7.8 HIGH

Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Sep 2, 2025
CVE-2025-9830
7.3 HIGH

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/add-customer-services.php. The manipulation of …

Sep 2, 2025
CVE-2025-9275
7.8 HIGH

Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Sep 2, 2025
CVE-2025-9274
7.8 HIGH

Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Sep 2, 2025
CVE-2025-8614
7.8 HIGH

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must …

Sep 2, 2025
CVE-2025-8613
7.2 HIGH

Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. …

Sep 2, 2025
CVE-2025-8302
8.8 HIGH

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of …

Sep 2, 2025
CVE-2025-8301
7.8 HIGH

Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU …

Sep 2, 2025
CVE-2025-8300
8.8 HIGH

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of …

Sep 2, 2025
CVE-2025-8299
8.8 HIGH

Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of …

Sep 2, 2025
CVE-2025-7976
7.8 HIGH

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Sep 2, 2025
CVE-2025-7975
7.8 HIGH

Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu …

Sep 2, 2025
CVE-2025-7974
7.5 HIGH

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to …

Sep 2, 2025
CVE-2025-6685
8.8 HIGH

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is …

Sep 2, 2025
CVE-2025-9829
7.3 HIGH

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /signup.php. The manipulation of …

Sep 2, 2025
CVE-2025-9189
7.8 HIGH

There is an out of bounds write vulnerability due to improper bounds checking resulting in a large destination address when parsing a DSB file with …

Sep 2, 2025
CVE-2025-9188
7.8 HIGH

There is a deserialization of untrusted data vulnerability in Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to …

Sep 2, 2025
CVE-2025-57778
7.8 HIGH

There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid source address when parsing a DSB file with …

Sep 2, 2025
CVE-2025-57777
7.8 HIGH

There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when parsing a DSB file with Digilent DASYLab. This vulnerability …

Sep 2, 2025
CVE-2025-57776
7.8 HIGH

There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent …

Sep 2, 2025
CVE-2025-57775
7.8 HIGH

There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing a DSB file with Digilent DASYLab. This vulnerability may result in …

Sep 2, 2025
CVE-2025-57774
7.8 HIGH

There is an out of bounds write vulnerability due to improper bounds checking resulting in invalid data when parsing a DSB file with Digilent DASYLab. …

Sep 2, 2025
CVE-2025-57616
7.5 HIGH

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of …

Sep 2, 2025
CVE-2025-57615
7.5 HIGH

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a …

Sep 2, 2025
CVE-2025-57614
7.5 HIGH

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause …

Sep 2, 2025
CVE-2025-57613
7.5 HIGH

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause …

Sep 2, 2025
CVE-2025-57612
7.5 HIGH

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial …

Sep 2, 2025
CVE-2025-54599
7.5 HIGH

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim …

Sep 2, 2025
CVE-2025-9784
7.5 HIGH

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the …

Sep 2, 2025
CVE-2025-2413
8.6 HIGH

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.This issue affects ProKuafor: from s1.02.08 before v1.02.08.

Sep 2, 2025
CVE-2025-52550
7.2 HIGH

E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin …

Sep 2, 2025
CVE-2025-52547
7.5 HIGH

E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input validation. An attacker can use this command to continuously …

Sep 2, 2025
CVE-2025-52545
7.5 HIGH

E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read users info, which returns all usernames and password hashes …

Sep 2, 2025
CVE-2025-52544
7.5 HIGH

E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By …

Sep 2, 2025
CVE-2025-52543
7.5 HIGH

E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining …

Sep 2, 2025
CVE-2025-2414
8.6 HIGH

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass.This issue affects OctoCloud: from s1.09.03 before v1.11.01.

Sep 2, 2025
CVE-2024-58259
8.2 HIGH

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API …

Sep 2, 2025
CVE-2024-52284
7.7 HIGH

Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

Sep 2, 2025
CVE-2025-41690
7.4 HIGH

A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This …

Sep 2, 2025
CVE-2025-9815
7.8 HIGH

A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of …

Sep 2, 2025
CVE-2025-9814
7.3 HIGH

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of …

Sep 2, 2025
CVE-2025-9813
8.8 HIGH

A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads …

Sep 2, 2025
CVE-2025-9812
8.8 HIGH

A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can …

Sep 2, 2025
CVE-2025-9811
7.3 HIGH

A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Performing manipulation of the argument rating …

Sep 2, 2025
CVE-2025-58178
7.8 HIGH

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability …

Sep 2, 2025
CVE-2025-57808
8.1 HIGH

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass …

Sep 2, 2025
CVE-2025-9794
7.3 HIGH

A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing …

Sep 1, 2025
CVE-2025-9793
7.3 HIGH

A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /setting/admin.php of the component Setting Handler. Performing …

Sep 1, 2025
CVE-2025-9792
7.3 HIGH

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /e_dashboard/e_all_info.php. Such manipulation of …

Sep 1, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.