CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-53419
7.8 HIGH

Delta Electronics COMMGR has Code Injection vulnerability.

Aug 26, 2025
CVE-2025-53418
8.6 HIGH

Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability.

Aug 26, 2025
CVE-2025-9476
7.3 HIGH

A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such …

Aug 26, 2025
CVE-2025-9475
7.3 HIGH

A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This …

Aug 26, 2025
CVE-2025-9473
7.3 HIGH

A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of …

Aug 26, 2025
CVE-2025-9472
7.3 HIGH

A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument …

Aug 26, 2025
CVE-2025-5931
8.8 HIGH

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due …

Aug 26, 2025
CVE-2025-9471
7.3 HIGH

A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/add_maintenance_cost.php. The manipulation of the argument …

Aug 26, 2025
CVE-2025-9470
7.3 HIGH

A flaw has been found in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /management/add_m_committee.php. Executing manipulation of the argument …

Aug 26, 2025
CVE-2025-9469
7.3 HIGH

A vulnerability was detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fund/add_fund.php. Performing manipulation of …

Aug 26, 2025
CVE-2025-9468
7.3 HIGH

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /bill/add_bill.php. Such …

Aug 26, 2025
CVE-2025-9172
7.5 HIGH

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to …

Aug 26, 2025
CVE-2025-9444
7.3 HIGH

A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. …

Aug 26, 2025
CVE-2025-9443
8.8 HIGH

A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account …

Aug 26, 2025
CVE-2025-9426
7.3 HIGH

A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation …

Aug 25, 2025
CVE-2025-9425
7.3 HIGH

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the …

Aug 25, 2025
CVE-2025-9423
7.3 HIGH

A vulnerability was determined in Campcodes Online Water Billing System 1.0. Affected is an unknown function of the file /editecex.php. This manipulation of the argument …

Aug 25, 2025
CVE-2025-9421
7.3 HIGH

A vulnerability has been found in itsourcecode Apartment Management System 1.0. This affects an unknown function of the file /complain/addcomplain.php. The manipulation of the argument …

Aug 25, 2025
CVE-2025-9420
7.3 HIGH

A flaw has been found in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of …

Aug 25, 2025
CVE-2025-8627
8.8 HIGH

The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 …

Aug 25, 2025
CVE-2025-57809
7.5 HIGH

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. …

Aug 25, 2025
CVE-2025-9419
7.3 HIGH

A vulnerability was detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the …

Aug 25, 2025
CVE-2025-9418
7.3 HIGH

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the …

Aug 25, 2025
CVE-2025-6188
7.5 HIGH

On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with …

Aug 25, 2025
CVE-2025-57811
7.2 HIGH

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability …

Aug 25, 2025
CVE-2025-50383
8.1 HIGH

alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.

Aug 25, 2025
CVE-2025-6737
7.2 HIGH

Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access …

Aug 25, 2025
CVE-2025-57760
8.8 HIGH

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with …

Aug 25, 2025
CVE-2025-29421
7.5 HIGH

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.

Aug 25, 2025
CVE-2025-29420
7.5 HIGH

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.

Aug 25, 2025
CVE-2025-55409
8.8 HIGH

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code.

Aug 25, 2025
CVE-2025-53119
7.5 HIGH

An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.

Aug 25, 2025
CVE-2025-29523
7.2 HIGH

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function.

Aug 25, 2025
CVE-2025-5302
8.6 HIGH

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion …

Aug 25, 2025
CVE-2025-56216
8.5 HIGH

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.

Aug 25, 2025
CVE-2025-53510
8.8 HIGH

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, …

Aug 25, 2025
CVE-2025-53085
8.8 HIGH

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a …

Aug 25, 2025
CVE-2025-52930
8.8 HIGH

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a …

Aug 25, 2025
CVE-2025-52456
8.8 HIGH

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation …

Aug 25, 2025
CVE-2025-51281
7.0 HIGH

D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. This vulnerability allows authenticated attackers to …

Aug 25, 2025
CVE-2025-50129
8.8 HIGH

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a …

Aug 25, 2025
CVE-2025-46407
8.8 HIGH

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, …

Aug 25, 2025
CVE-2025-35984
8.8 HIGH

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a …

Aug 25, 2025
CVE-2025-32468
8.8 HIGH

A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, …

Aug 25, 2025
CVE-2025-52461
8.2 HIGH

An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file …

Aug 25, 2025
CVE-2025-46411
8.1 HIGH

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-43960
8.6 HIGH

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a …

Aug 25, 2025
CVE-2025-29516
7.2 HIGH

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function.

Aug 25, 2025
CVE-2025-26467
8.8 HIGH

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted …

Aug 25, 2025
CVE-2023-47799
7.5 HIGH

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the …

Aug 25, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.