CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-40761
7.6 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All …

Aug 12, 2025
CVE-2025-40759
7.8 HIGH

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 …

Aug 12, 2025
CVE-2025-40743
8.3 HIGH

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl …

Aug 12, 2025
CVE-2025-30033
7.8 HIGH

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application …

Aug 12, 2025
CVE-2024-54678
8.2 HIGH

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC …

Aug 12, 2025
CVE-2024-52504
7.5 HIGH

A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All …

Aug 12, 2025
CVE-2024-41979
7.1 HIGH

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < …

Aug 12, 2025
CVE-2025-41686
7.8 HIGH

A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access.

Aug 12, 2025
CVE-2025-8418
8.8 HIGH

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. …

Aug 12, 2025
CVE-2025-6253
7.5 HIGH

The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, …

Aug 12, 2025
CVE-2025-5391
8.1 HIGH

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all …

Aug 12, 2025
CVE-2025-42976
8.1 HIGH

SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause …

Aug 12, 2025
CVE-2025-42951
8.8 HIGH

Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.�As a …

Aug 12, 2025
CVE-2025-55161
8.6 HIGH

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert …

Aug 11, 2025
CVE-2025-55158
8.8 HIGH

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, …

Aug 11, 2025
CVE-2025-55157
8.8 HIGH

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error …

Aug 11, 2025
CVE-2025-55151
8.6 HIGH

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) …

Aug 11, 2025
CVE-2025-55150
8.6 HIGH

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert …

Aug 11, 2025
CVE-2025-25235
8.6 HIGH

Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on …

Aug 11, 2025
CVE-2025-54878
8.6 HIGH

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the …

Aug 11, 2025
CVE-2025-40920
8.6 HIGH

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating …

Aug 11, 2025
CVE-2025-7679
8.1 HIGH

The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT

Aug 11, 2025
CVE-2025-54525
7.5 HIGH

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription …

Aug 11, 2025
CVE-2025-54478
7.2 HIGH

Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via …

Aug 11, 2025
CVE-2025-52931
7.5 HIGH

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription …

Aug 11, 2025
CVE-2025-44004
7.2 HIGH

Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription …

Aug 11, 2025
CVE-2025-54063
8.0 HIGH

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability …

Aug 11, 2025
CVE-2025-25231
7.5 HIGH

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending …

Aug 11, 2025
CVE-2025-8672
7.8 HIGH

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application …

Aug 11, 2025
CVE-2025-8838
7.3 HIGH

A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend …

Aug 11, 2025
CVE-2025-8747
7.8 HIGH

A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing …

Aug 11, 2025
CVE-2025-8833
8.8 HIGH

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file …

Aug 11, 2025
CVE-2025-8832
8.8 HIGH

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file …

Aug 11, 2025
CVE-2025-8831
8.8 HIGH

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. …

Aug 11, 2025
CVE-2025-27577
8.4 HIGH

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.

Aug 11, 2025
CVE-2025-27128
8.4 HIGH

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.

Aug 11, 2025
CVE-2025-25278
8.4 HIGH

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.

Aug 11, 2025
CVE-2025-24298
8.4 HIGH

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.

Aug 11, 2025
CVE-2025-8826
8.8 HIGH

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the …

Aug 11, 2025
CVE-2025-8824
8.8 HIGH

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of …

Aug 11, 2025
CVE-2025-8822
8.8 HIGH

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file …

Aug 11, 2025
CVE-2025-8820
8.8 HIGH

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file …

Aug 11, 2025
CVE-2025-8819
8.8 HIGH

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. …

Aug 10, 2025
CVE-2025-8817
8.8 HIGH

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setLan of …

Aug 10, 2025
CVE-2025-8816
8.8 HIGH

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. …

Aug 10, 2025
CVE-2025-8815
7.3 HIGH

A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index …

Aug 10, 2025
CVE-2025-8811
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of …

Aug 10, 2025
CVE-2025-8810
8.8 HIGH

A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation …

Aug 10, 2025
CVE-2025-8809
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation …

Aug 10, 2025
CVE-2025-8798
7.3 HIGH

A vulnerability was found in oitcode samarium up to 0.9.6. It has been classified as critical. Affected is an unknown function of the file /dashboard/product …

Aug 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.