CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-38653
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek …

Aug 22, 2025
CVE-2025-38652
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $((1024*1024*1024)) …

Aug 22, 2025
CVE-2025-38636
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers …

Aug 22, 2025
CVE-2025-38627
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic The decompress_io_ctx may be released asynchronously after …

Aug 22, 2025
CVE-2025-38620
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: zloop: fix KASAN use-after-free of tag set When a zoned loop device, or zloop device, …

Aug 22, 2025
CVE-2025-55573
8.8 HIGH

QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).

Aug 22, 2025
CVE-2025-33120
7.8 HIGH

IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary …

Aug 22, 2025
CVE-2025-38618
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind …

Aug 22, 2025
CVE-2025-38616
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the …

Aug 22, 2025
CVE-2024-56179
7.8 HIGH

In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories in victims' machines via directory traversal if victims opened file attachments …

Aug 22, 2025
CVE-2025-9255
7.5 HIGH

WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Aug 22, 2025
CVE-2025-8281
7.1 HIGH

The WP Talroo WordPress plugin through 2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected …

Aug 22, 2025
CVE-2025-51606
8.8 HIGH

hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code …

Aug 21, 2025
CVE-2025-55231
7.5 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.

Aug 21, 2025
CVE-2025-55230
7.8 HIGH

Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Aug 21, 2025
CVE-2025-54460
7.1 HIGH

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload …

Aug 21, 2025
CVE-2025-51989
7.0 HIGH

HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster module v235 allows an attacker to inject HTML tags into the "keresztnév" (firstname) …

Aug 21, 2025
CVE-2025-27721
7.5 HIGH

Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources.

Aug 21, 2025
CVE-2025-38743
7.8 HIGH

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access …

Aug 21, 2025
CVE-2025-7051
8.3 HIGH

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is …

Aug 21, 2025
CVE-2025-55524
7.3 HIGH

Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.

Aug 21, 2025
CVE-2025-52351
8.8 HIGH

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query …

Aug 21, 2025
CVE-2024-50641
8.1 HIGH

An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token.

Aug 21, 2025
CVE-2025-9311
7.3 HIGH

A vulnerability was identified in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fair/addfair.php. The manipulation of …

Aug 21, 2025
CVE-2025-57761
8.8 HIGH

WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario …

Aug 21, 2025
CVE-2025-9307
7.3 HIGH

A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument …

Aug 21, 2025
CVE-2025-55743
8.8 HIGH

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs …

Aug 21, 2025
CVE-2025-55742
8.0 HIGH

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG …

Aug 21, 2025
CVE-2025-55420
8.8 HIGH

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it …

Aug 21, 2025
CVE-2025-9305
7.3 HIGH

A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. The affected element is an unknown function of the file /bank/mnotice.php. The …

Aug 21, 2025
CVE-2025-9304
7.3 HIGH

A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the …

Aug 21, 2025
CVE-2025-9303
8.8 HIGH

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument …

Aug 21, 2025
CVE-2025-55383
8.6 HIGH

Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the …

Aug 21, 2025
CVE-2025-55297
8.8 HIGH

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi …

Aug 21, 2025
CVE-2025-52194
7.5 HIGH

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header …

Aug 21, 2025
CVE-2025-48956
7.5 HIGH

vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS) vulnerability can be …

Aug 21, 2025
CVE-2025-9302
7.3 HIGH

A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid …

Aug 21, 2025
CVE-2025-55564
7.5 HIGH

Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.

Aug 21, 2025
CVE-2025-55370
8.8 HIGH

Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.

Aug 21, 2025
CVE-2025-55368
8.8 HIGH

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

Aug 21, 2025
CVE-2025-34158
8.5 HIGH

Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server …

Aug 21, 2025
CVE-2025-9299
8.8 HIGH

A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the …

Aug 21, 2025
CVE-2025-9298
8.8 HIGH

A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can …

Aug 21, 2025
CVE-2025-9297
8.8 HIGH

A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in …

Aug 21, 2025
CVE-2025-8592
8.1 HIGH

The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or …

Aug 21, 2025
CVE-2025-48978
7.5 HIGH

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent …

Aug 21, 2025
CVE-2025-27216
8.8 HIGH

Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.

Aug 21, 2025
CVE-2025-27215
8.1 HIGH

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to …

Aug 21, 2025
CVE-2025-9253
8.8 HIGH

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of …

Aug 20, 2025
CVE-2025-9252
8.8 HIGH

A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the …

Aug 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.