CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-8773
7.3 HIGH

A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/login_getPasswordErrorNum.action. The …

Aug 9, 2025
CVE-2025-8758
7.0 HIGH

A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation …

Aug 9, 2025
CVE-2025-8757
7.0 HIGH

A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of …

Aug 9, 2025
CVE-2025-8752
7.3 HIGH

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. …

Aug 9, 2025
CVE-2025-4581
8.6 HIGH

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA …

Aug 9, 2025
CVE-2025-55009
7.1 HIGH

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix …

Aug 9, 2025
CVE-2025-55008
7.1 HIGH

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and …

Aug 9, 2025
CVE-2025-54996
7.2 HIGH

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts …

Aug 9, 2025
CVE-2025-54417
8.8 HIGH

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS …

Aug 9, 2025
CVE-2025-8744
7.3 HIGH

A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of …

Aug 9, 2025
CVE-2025-46709
7.5 HIGH

Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.

Aug 9, 2025
CVE-2025-4796
8.8 HIGH

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to …

Aug 8, 2025
CVE-2025-52914
8.8 HIGH

A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL …

Aug 8, 2025
CVE-2025-8393
7.3 HIGH

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which …

Aug 8, 2025
CVE-2025-53520
8.8 HIGH

The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) …

Aug 8, 2025
CVE-2025-50466
7.1 HIGH

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter …

Aug 8, 2025
CVE-2025-50465
7.1 HIGH

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter …

Aug 8, 2025
CVE-2025-46414
8.1 HIGH

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to …

Aug 8, 2025
CVE-2025-8355
7.5 HIGH

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to …

Aug 8, 2025
CVE-2025-36119
7.1 HIGH

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due …

Aug 8, 2025
CVE-2020-9322
8.8 HIGH

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur …

Aug 8, 2025
CVE-2025-8088
8.8 HIGH KEV

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was …

Aug 8, 2025
CVE-2025-8748
8.8 HIGH

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow …

Aug 8, 2025
CVE-2025-54886
8.4 HIGH

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain …

Aug 8, 2025
CVE-2025-53787
8.2 HIGH

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

Aug 7, 2025
CVE-2025-26513
7.0 HIGH

The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local …

Aug 7, 2025
CVE-2025-47219
8.1 HIGH

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading …

Aug 7, 2025
CVE-2025-55077
7.4 HIGH

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows …

Aug 7, 2025
CVE-2025-50675
7.8 HIGH

GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, …

Aug 7, 2025
CVE-2025-51629
8.8 HIGH

A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting …

Aug 7, 2025
CVE-2023-41532
8.8 HIGH

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.

Aug 7, 2025
CVE-2023-41531
8.8 HIGH

Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.

Aug 7, 2025
CVE-2023-41524
8.8 HIGH

Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php.

Aug 7, 2025
CVE-2023-41523
8.8 HIGH

Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php.

Aug 7, 2025
CVE-2023-41522
8.8 HIGH

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters.

Aug 7, 2025
CVE-2023-41521
8.8 HIGH

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters.

Aug 7, 2025
CVE-2023-41520
8.8 HIGH

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters.

Aug 7, 2025
CVE-2025-55138
7.4 HIGH

LinkJoin through 882f196 mishandles token ownership in password reset.

Aug 7, 2025
CVE-2025-55137
7.4 HIGH

LinkJoin through 882f196 mishandles lacks type checking in password reset.

Aug 7, 2025
CVE-2025-24000
8.8 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through …

Aug 7, 2025
CVE-2025-47907
7.0 HIGH

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned …

Aug 7, 2025
CVE-2025-35970
7.5 HIGH

On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the …

Aug 7, 2025
CVE-2025-8578
8.8 HIGH

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Aug 7, 2025
CVE-2025-8576
8.8 HIGH

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. …

Aug 7, 2025
CVE-2025-54882
7.1 HIGH

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud …

Aug 7, 2025
CVE-2025-3770
7.0 HIGH

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to …

Aug 7, 2025
CVE-2025-54788
8.8 HIGH

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in …

Aug 7, 2025
CVE-2025-54785
8.8 HIGH

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed …

Aug 7, 2025
CVE-2025-6634
7.8 HIGH

A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this …

Aug 6, 2025
CVE-2025-6633
7.8 HIGH

A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Aug 6, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.