CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-8984
7.3 HIGH

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expense_category.php. The manipulation …

Aug 14, 2025
CVE-2025-8983
7.3 HIGH

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation …

Aug 14, 2025
CVE-2025-8982
7.3 HIGH

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of …

Aug 14, 2025
CVE-2025-8981
7.3 HIGH

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/payment.php. The manipulation of …

Aug 14, 2025
CVE-2025-55708
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue …

Aug 14, 2025
CVE-2025-53587
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo findgo allows Cross Site Request Forgery.This issue affects Findgo: from n/a through <= 1.3.57.

Aug 14, 2025
CVE-2025-53575
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS.This issue affects Primer MyData …

Aug 14, 2025
CVE-2025-52797
8.2 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap wp-storymap allows SQL Injection.This issue affects StoryMap: from n/a through <= 2.1.

Aug 14, 2025
CVE-2025-52765
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= …

Aug 14, 2025
CVE-2025-8973
7.3 HIGH

A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument …

Aug 14, 2025
CVE-2025-8972
7.3 HIGH

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation …

Aug 14, 2025
CVE-2025-51986
7.5 HIGH

An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for …

Aug 14, 2025
CVE-2025-8971
7.3 HIGH

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of …

Aug 14, 2025
CVE-2025-8970
7.3 HIGH

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of …

Aug 14, 2025
CVE-2025-8969
7.3 HIGH

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file …

Aug 14, 2025
CVE-2025-8968
7.3 HIGH

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapprove_user.php. …

Aug 14, 2025
CVE-2025-55195
7.3 HIGH

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted …

Aug 14, 2025
CVE-2025-20263
8.6 HIGH

A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could …

Aug 14, 2025
CVE-2025-20253
8.6 HIGH

A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, …

Aug 14, 2025
CVE-2025-20251
8.5 HIGH

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) …

Aug 14, 2025
CVE-2025-20244
7.7 HIGH

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) …

Aug 14, 2025
CVE-2025-20243
8.6 HIGH

A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker …

Aug 14, 2025
CVE-2025-20239
8.6 HIGH

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, …

Aug 14, 2025
CVE-2025-20222
8.6 HIGH

A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall …

Aug 14, 2025
CVE-2025-20217
8.6 HIGH

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, …

Aug 14, 2025
CVE-2025-20148
8.5 HIGH

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML …

Aug 14, 2025
CVE-2025-20136
8.6 HIGH

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software …

Aug 14, 2025
CVE-2025-20134
8.6 HIGH

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow …

Aug 14, 2025
CVE-2025-20133
8.6 HIGH

A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD …

Aug 14, 2025
CVE-2025-20127
7.7 HIGH

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat …

Aug 14, 2025
CVE-2023-43692
7.5 HIGH

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system …

Aug 14, 2025
CVE-2025-8967
7.3 HIGH

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of …

Aug 14, 2025
CVE-2025-8966
7.3 HIGH

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation …

Aug 14, 2025
CVE-2025-54867
7.0 HIGH

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially …

Aug 14, 2025
CVE-2025-8876
8.8 HIGH KEV

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

Aug 14, 2025
CVE-2025-8875
7.8 HIGH KEV

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Aug 14, 2025
CVE-2025-40758
8.7 HIGH

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix …

Aug 14, 2025
CVE-2024-53946
8.8 HIGH

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to …

Aug 14, 2025
CVE-2024-53945
8.8 HIGH

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute …

Aug 14, 2025
CVE-2025-8715
8.8 HIGH

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client …

Aug 14, 2025
CVE-2025-8714
8.8 HIGH

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client …

Aug 14, 2025
CVE-2025-8960
7.3 HIGH

A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. …

Aug 14, 2025
CVE-2025-8958
8.8 HIGH

A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The manipulation of the argument …

Aug 14, 2025
CVE-2025-8957
7.3 HIGH

A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the …

Aug 14, 2025
CVE-2025-54701
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue …

Aug 14, 2025
CVE-2025-54700
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion.This issue …

Aug 14, 2025
CVE-2025-54697
7.2 HIGH

Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16.

Aug 14, 2025
CVE-2025-54692
7.5 HIGH

Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a …

Aug 14, 2025
CVE-2025-54690
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio xinterio allows PHP Local File Inclusion.This issue …

Aug 14, 2025
CVE-2025-54689
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue …

Aug 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.