CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-50971
7.5 HIGH

Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php.

Aug 26, 2025
CVE-2025-9478
8.8 HIGH

Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Aug 26, 2025
CVE-2025-23315
7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a …

Aug 26, 2025
CVE-2025-23314
7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection …

Aug 26, 2025
CVE-2025-23313
7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection …

Aug 26, 2025
CVE-2025-23312
7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code …

Aug 26, 2025
CVE-2025-23307
7.8 HIGH

NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of …

Aug 26, 2025
CVE-2025-57803
7.5 HIGH

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit …

Aug 26, 2025
CVE-2025-55298
7.5 HIGH

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability …

Aug 26, 2025
CVE-2025-9491
7.8 HIGH

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. …

Aug 26, 2025
CVE-2025-36729
7.2 HIGH

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master …

Aug 26, 2025
CVE-2025-2697
7.4 HIGH

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim …

Aug 26, 2025
CVE-2025-1994
7.8 HIGH

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe …

Aug 26, 2025
CVE-2025-57810
7.5 HIGH

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU …

Aug 26, 2025
CVE-2025-6366
8.8 HIGH

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin …

Aug 26, 2025
CVE-2025-52218
7.5 HIGH

SelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text Injection. Improper sanitization of unspecified parameters allows attackers to inject arbitrary text …

Aug 26, 2025
CVE-2025-9483
8.8 HIGH

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function singlePortForwardAdd of the file /goform/singlePortForwardAdd. This …

Aug 26, 2025
CVE-2025-9482
8.8 HIGH

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation …

Aug 26, 2025
CVE-2025-9481
8.8 HIGH

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. …

Aug 26, 2025
CVE-2025-50753
8.4 HIGH

Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted …

Aug 26, 2025
CVE-2025-29992
7.5 HIGH

Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy.

Aug 26, 2025
CVE-2024-47853
8.8 HIGH

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools …

Aug 26, 2025
CVE-2025-38676
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered …

Aug 26, 2025
CVE-2025-53419
7.8 HIGH

Delta Electronics COMMGR has Code Injection vulnerability.

Aug 26, 2025
CVE-2025-53418
8.6 HIGH

Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability.

Aug 26, 2025
CVE-2025-9476
7.3 HIGH

A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such …

Aug 26, 2025
CVE-2025-9475
7.3 HIGH

A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This …

Aug 26, 2025
CVE-2025-9473
7.3 HIGH

A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of …

Aug 26, 2025
CVE-2025-9472
7.3 HIGH

A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument …

Aug 26, 2025
CVE-2025-5931
8.8 HIGH

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due …

Aug 26, 2025
CVE-2025-9471
7.3 HIGH

A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/add_maintenance_cost.php. The manipulation of the argument …

Aug 26, 2025
CVE-2025-9470
7.3 HIGH

A flaw has been found in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /management/add_m_committee.php. Executing manipulation of the argument …

Aug 26, 2025
CVE-2025-9469
7.3 HIGH

A vulnerability was detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fund/add_fund.php. Performing manipulation of …

Aug 26, 2025
CVE-2025-9468
7.3 HIGH

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /bill/add_bill.php. Such …

Aug 26, 2025
CVE-2025-9172
7.5 HIGH

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to …

Aug 26, 2025
CVE-2025-9444
7.3 HIGH

A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. …

Aug 26, 2025
CVE-2025-9443
8.8 HIGH

A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account …

Aug 26, 2025
CVE-2025-9426
7.3 HIGH

A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation …

Aug 25, 2025
CVE-2025-9425
7.3 HIGH

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the …

Aug 25, 2025
CVE-2025-9423
7.3 HIGH

A vulnerability was determined in Campcodes Online Water Billing System 1.0. Affected is an unknown function of the file /editecex.php. This manipulation of the argument …

Aug 25, 2025
CVE-2025-9421
7.3 HIGH

A vulnerability has been found in itsourcecode Apartment Management System 1.0. This affects an unknown function of the file /complain/addcomplain.php. The manipulation of the argument …

Aug 25, 2025
CVE-2025-9420
7.3 HIGH

A flaw has been found in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of …

Aug 25, 2025
CVE-2025-8627
8.8 HIGH

The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 …

Aug 25, 2025
CVE-2025-57809
7.5 HIGH

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. …

Aug 25, 2025
CVE-2025-9419
7.3 HIGH

A vulnerability was detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the …

Aug 25, 2025
CVE-2025-9418
7.3 HIGH

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the …

Aug 25, 2025
CVE-2025-6188
7.5 HIGH

On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with …

Aug 25, 2025
CVE-2025-57811
7.2 HIGH

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability …

Aug 25, 2025
CVE-2025-50383
8.1 HIGH

alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.

Aug 25, 2025
CVE-2025-6737
7.2 HIGH

Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access …

Aug 25, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.