CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-38599
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx …

Aug 19, 2025
CVE-2025-38598
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [ +0.000020] BUG: KASAN: slab-use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu] [ +0.000817] …

Aug 19, 2025
CVE-2025-38596
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the …

Aug 19, 2025
CVE-2025-38595
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabuf_exp_from_pages() [dma_buf_fd() fixes; no preferences regarding the tree it goes through …

Aug 19, 2025
CVE-2025-38594
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix UAF on sva unbind with pending IOPFs Commit 17fce9d2336d ("iommu/vt-d: Put iopf enablement …

Aug 19, 2025
CVE-2025-38593
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Function 'hci_discovery_filter_clear()' frees 'uuids' array and then sets …

Aug 19, 2025
CVE-2025-38592
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv Currently both dev_coredumpv and skb_put_data in hci_devcd_dump use hdev->dump.head. …

Aug 19, 2025
CVE-2025-38585
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and the …

Aug 19, 2025
CVE-2025-38584
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder …

Aug 19, 2025
CVE-2025-38582
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first …

Aug 19, 2025
CVE-2025-38580
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty …

Aug 19, 2025
CVE-2025-38579
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in …

Aug 19, 2025
CVE-2025-38574
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for …

Aug 19, 2025
CVE-2025-38572
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very …

Aug 19, 2025
CVE-2025-38570
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in …

Aug 19, 2025
CVE-2025-38568
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, …

Aug 19, 2025
CVE-2025-38566
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in …

Aug 19, 2025
CVE-2025-38565
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still …

Aug 19, 2025
CVE-2025-38563
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing …

Aug 19, 2025
CVE-2025-38556
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed …

Aug 19, 2025
CVE-2025-38555
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc …

Aug 19, 2025
CVE-2025-38554
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped By inducing delays …

Aug 19, 2025
CVE-2025-4046
8.5 HIGH

A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization

Aug 19, 2025
CVE-2025-4044
8.2 HIGH

Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL.

Aug 19, 2025
CVE-2025-41689
7.5 HIGH

An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.

Aug 19, 2025
CVE-2025-7670
7.5 HIGH

The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 …

Aug 19, 2025
CVE-2025-7654
8.8 HIGH

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, …

Aug 19, 2025
CVE-2025-8218
8.8 HIGH

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, …

Aug 19, 2025
CVE-2025-54156
7.4 HIGH

The Sante PACS Server Web Portal sends credential information without encryption.

Aug 18, 2025
CVE-2025-53948
7.5 HIGH

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application …

Aug 18, 2025
CVE-2025-52584
7.8 HIGH

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE …

Aug 18, 2025
CVE-2025-46269
7.8 HIGH

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 …

Aug 18, 2025
CVE-2025-53705
7.8 HIGH

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO …

Aug 18, 2025
CVE-2025-41392
7.8 HIGH

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR …

Aug 18, 2025
CVE-2025-8098
7.8 HIGH

An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.

Aug 18, 2025
CVE-2025-55588
7.5 HIGH

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of …

Aug 18, 2025
CVE-2025-55587
7.5 HIGH

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of …

Aug 18, 2025
CVE-2025-55586
7.5 HIGH

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of …

Aug 18, 2025
CVE-2025-53192
8.8 HIGH

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using …

Aug 18, 2025
CVE-2025-32992
8.5 HIGH

Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control.

Aug 18, 2025
CVE-2025-55291
7.1 HIGH

Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. …

Aug 18, 2025
CVE-2025-54421
7.2 HIGH

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated …

Aug 18, 2025
CVE-2025-4962
7.7 HIGH

An Insecure Direct Object Reference (IDOR) vulnerability was identified in the `POST /v1/templates` endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability …

Aug 18, 2025
CVE-2025-36120
8.8 HIGH

IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization …

Aug 18, 2025
CVE-2025-33090
7.5 HIGH

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would …

Aug 18, 2025
CVE-2025-47206
8.1 HIGH

An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the …

Aug 18, 2025
CVE-2025-5296
7.3 HIGH

CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to …

Aug 18, 2025
CVE-2025-6625
7.5 HIGH

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.

Aug 18, 2025
CVE-2025-31713
8.4 HIGH

In engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no …

Aug 18, 2025
CVE-2025-7342
7.5 HIGH

A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix …

Aug 17, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.