CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-55618
7.3 HIGH

In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.

Aug 27, 2025
CVE-2024-37777
8.8 HIGH

O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.

Aug 27, 2025
CVE-2025-58218
7.2 HIGH

Deserialization of Untrusted Data vulnerability in enituretechnology Small Package Quotes – USPS Edition small-package-quotes-usps-edition allows Object Injection.This issue affects Small Package Quotes – USPS Edition: …

Aug 27, 2025
CVE-2025-58217
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS.This issue affects Instant Breaking News: from n/a through <= 1.0.

Aug 27, 2025
CVE-2025-55422
8.8 HIGH

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.

Aug 27, 2025
CVE-2025-51667
7.0 HIGH

An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead …

Aug 27, 2025
CVE-2025-50979
8.6 HIGH

NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers …

Aug 27, 2025
CVE-2025-34161
8.8 HIGH

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level …

Aug 27, 2025
CVE-2025-34159
8.8 HIGH

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level …

Aug 27, 2025
CVE-2025-20317
7.1 HIGH

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect …

Aug 27, 2025
CVE-2025-20241
7.4 HIGH

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches …

Aug 27, 2025
CVE-2025-50983
8.3 HIGH

SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, …

Aug 27, 2025
CVE-2025-9533
7.3 HIGH

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with …

Aug 27, 2025
CVE-2025-53105
7.5 HIGH

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses …

Aug 27, 2025
CVE-2025-9529
7.3 HIGH

A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. This manipulation of …

Aug 27, 2025
CVE-2025-9527
8.8 HIGH

A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ack_policy results in …

Aug 27, 2025
CVE-2025-43882
7.8 HIGH

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access.

Aug 27, 2025
CVE-2025-43730
8.4 HIGH

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could …

Aug 27, 2025
CVE-2025-43729
7.8 HIGH

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability …

Aug 27, 2025
CVE-2025-9526
8.8 HIGH

A vulnerability has been found in Linksys E1700 1.0.0.4.003. Affected by this issue is the function setSysAdm of the file /goform/setSysAdm. Such manipulation of the …

Aug 27, 2025
CVE-2025-9525
8.8 HIGH

A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by this vulnerability is the function setWan of the file /goform/setWan. This manipulation of the …

Aug 27, 2025
CVE-2025-9511
7.3 HIGH

A vulnerability was identified in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID …

Aug 27, 2025
CVE-2025-57846
7.8 HIGH

Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on …

Aug 27, 2025
CVE-2025-57797
7.8 HIGH

Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges …

Aug 27, 2025
CVE-2025-9510
7.3 HIGH

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /branch/addbranch.php. The manipulation …

Aug 27, 2025
CVE-2025-9509
7.3 HIGH

A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fair_info_all.php. Performing manipulation of …

Aug 27, 2025
CVE-2025-9508
7.3 HIGH

A vulnerability was detected in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /report/rented_info.php. The manipulation of the …

Aug 27, 2025
CVE-2025-9507
7.3 HIGH

A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitor_info.php. Executing manipulation of the argument …

Aug 27, 2025
CVE-2025-9506
7.3 HIGH

A vulnerability has been found in Campcodes Online Loan Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the …

Aug 27, 2025
CVE-2025-9505
7.3 HIGH

A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_loan_type. This …

Aug 27, 2025
CVE-2025-9504
7.3 HIGH

A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation …

Aug 27, 2025
CVE-2025-9503
7.3 HIGH

A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_borrower. The manipulation of …

Aug 27, 2025
CVE-2025-9502
7.3 HIGH

A weakness has been identified in Campcodes Online Loan Management System 1.0. This impacts an unknown function of the file /ajax.php?action=save_payment. Executing manipulation of the …

Aug 27, 2025
CVE-2025-35115
8.1 HIGH

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of …

Aug 26, 2025
CVE-2025-35114
7.5 HIGH

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of …

Aug 26, 2025
CVE-2025-22412
8.8 HIGH

In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote …

Aug 26, 2025
CVE-2025-22411
8.8 HIGH

In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) …

Aug 26, 2025
CVE-2025-22410
8.4 HIGH

In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of …

Aug 26, 2025
CVE-2025-22409
8.4 HIGH

In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation …

Aug 26, 2025
CVE-2025-22406
8.4 HIGH

In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation …

Aug 26, 2025
CVE-2025-22405
8.4 HIGH

In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of …

Aug 26, 2025
CVE-2025-22404
8.4 HIGH

In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation …

Aug 26, 2025
CVE-2025-0093
7.5 HIGH

In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with …

Aug 26, 2025
CVE-2025-0084
8.8 HIGH

In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over …

Aug 26, 2025
CVE-2025-0081
7.5 HIGH

In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service …

Aug 26, 2025
CVE-2025-0080
7.8 HIGH

In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation …

Aug 26, 2025
CVE-2025-0079
7.8 HIGH

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This …

Aug 26, 2025
CVE-2025-0078
8.8 HIGH

In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local …

Aug 26, 2025
CVE-2023-21125
8.0 HIGH

In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of …

Aug 26, 2025
CVE-2025-9492
7.3 HIGH

A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument …

Aug 26, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.