CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-52085
8.8 HIGH

An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful …

Aug 22, 2025
CVE-2025-57800
8.8 HIGH

Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An …

Aug 22, 2025
CVE-2025-57771
8.1 HIGH

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution …

Aug 22, 2025
CVE-2025-55745
8.8 HIGH

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known …

Aug 22, 2025
CVE-2025-55634
7.5 HIGH

Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to …

Aug 22, 2025
CVE-2025-55630
7.3 HIGH

A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 when …

Aug 22, 2025
CVE-2024-53494
7.5 HIGH

Incorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to access sensitive components without authentication.

Aug 22, 2025
CVE-2025-55741
8.1 HIGH

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for …

Aug 22, 2025
CVE-2025-55611
7.5 HIGH

D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.

Aug 22, 2025
CVE-2025-55606
7.5 HIGH

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.

Aug 22, 2025
CVE-2025-55605
7.5 HIGH

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.

Aug 22, 2025
CVE-2025-55603
7.5 HIGH

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.

Aug 22, 2025
CVE-2025-55602
7.5 HIGH

D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter.

Aug 22, 2025
CVE-2025-55599
7.5 HIGH

D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey.

Aug 22, 2025
CVE-2025-52094
7.8 HIGH

Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allows a local attacker to execute arbtirary code via the \HKLM\SYSTEM\Setup\SmartDeploy component

Aug 22, 2025
CVE-2025-51605
8.1 HIGH

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also …

Aug 22, 2025
CVE-2025-50674
7.8 HIGH

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.

Aug 22, 2025
CVE-2025-38670
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change to different …

Aug 22, 2025
CVE-2025-38667
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: fix potential out-of-bound write The buffer is set to 20 characters. If a caller …

Aug 22, 2025
CVE-2025-38666
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix use-after-free in AARP proxy probe The AARP proxy‐probe routine (aarp_proxy_probe_network) sends a …

Aug 22, 2025
CVE-2025-38662
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv Given mt8365_dai_set_priv allocate priv_size space to copy …

Aug 22, 2025
CVE-2025-38657
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: mcc: prevent shift wrapping in rtw89_core_mlsr_switch() The "link_id" value comes from the user …

Aug 22, 2025
CVE-2025-38656
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_work() fails. The …

Aug 22, 2025
CVE-2025-38653
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek …

Aug 22, 2025
CVE-2025-38652
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $((1024*1024*1024)) …

Aug 22, 2025
CVE-2025-38636
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers …

Aug 22, 2025
CVE-2025-38627
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic The decompress_io_ctx may be released asynchronously after …

Aug 22, 2025
CVE-2025-38620
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: zloop: fix KASAN use-after-free of tag set When a zoned loop device, or zloop device, …

Aug 22, 2025
CVE-2025-55573
8.8 HIGH

QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).

Aug 22, 2025
CVE-2025-33120
7.8 HIGH

IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary …

Aug 22, 2025
CVE-2025-38618
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind …

Aug 22, 2025
CVE-2025-38616
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the …

Aug 22, 2025
CVE-2024-56179
7.8 HIGH

In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories in victims' machines via directory traversal if victims opened file attachments …

Aug 22, 2025
CVE-2025-9255
7.5 HIGH

WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Aug 22, 2025
CVE-2025-8281
7.1 HIGH

The WP Talroo WordPress plugin through 2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected …

Aug 22, 2025
CVE-2025-51606
8.8 HIGH

hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code …

Aug 21, 2025
CVE-2025-55231
7.5 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.

Aug 21, 2025
CVE-2025-55230
7.8 HIGH

Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Aug 21, 2025
CVE-2025-54460
7.1 HIGH

The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload …

Aug 21, 2025
CVE-2025-51989
7.0 HIGH

HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster module v235 allows an attacker to inject HTML tags into the "keresztnév" (firstname) …

Aug 21, 2025
CVE-2025-27721
7.5 HIGH

Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources.

Aug 21, 2025
CVE-2025-38743
7.8 HIGH

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access …

Aug 21, 2025
CVE-2025-7051
8.3 HIGH

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is …

Aug 21, 2025
CVE-2025-55524
7.3 HIGH

Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.

Aug 21, 2025
CVE-2025-52351
8.8 HIGH

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query …

Aug 21, 2025
CVE-2024-50641
8.1 HIGH

An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token.

Aug 21, 2025
CVE-2025-9311
7.3 HIGH

A vulnerability was identified in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fair/addfair.php. The manipulation of …

Aug 21, 2025
CVE-2025-57761
8.8 HIGH

WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario …

Aug 21, 2025
CVE-2025-9307
7.3 HIGH

A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument …

Aug 21, 2025
CVE-2025-55743
8.8 HIGH

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs …

Aug 21, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.