CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-54627
8.8 HIGH

Out-of-bounds write vulnerability in the skia module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Aug 6, 2025
CVE-2025-8654
8.8 HIGH

Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. …

Aug 6, 2025
CVE-2025-8653
8.8 HIGH

Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. …

Aug 6, 2025
CVE-2025-7036
7.5 HIGH

The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1.5.20 due …

Aug 6, 2025
CVE-2025-54622
8.3 HIGH

Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Aug 6, 2025
CVE-2025-54611
7.3 HIGH

EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Aug 6, 2025
CVE-2025-54607
7.7 HIGH

Authentication management vulnerability in the ArkWeb module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Aug 6, 2025
CVE-2025-54606
7.3 HIGH

Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

Aug 6, 2025
CVE-2025-54655
8.1 HIGH

Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module.

Aug 6, 2025
CVE-2025-54653
8.4 HIGH

Path traversal vulnerability in the virtualization file module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module.

Aug 6, 2025
CVE-2025-54652
8.4 HIGH

Path traversal vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization module.

Aug 6, 2025
CVE-2025-54801
7.5 HIGH

Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a …

Aug 6, 2025
CVE-2013-10065
7.5 HIGH

A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in …

Aug 5, 2025
CVE-2012-10034
7.5 HIGH

ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize …

Aug 5, 2025
CVE-2025-51628
7.5 HIGH

Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the …

Aug 5, 2025
CVE-2025-54254
8.6 HIGH

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary …

Aug 5, 2025
CVE-2025-43978
7.4 HIGH

Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an …

Aug 5, 2025
CVE-2025-43979
7.4 HIGH

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted …

Aug 5, 2025
CVE-2025-29745
7.5 HIGH

A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a …

Aug 5, 2025
CVE-2025-7033
7.8 HIGH

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end …

Aug 5, 2025
CVE-2025-7032
7.8 HIGH

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end …

Aug 5, 2025
CVE-2025-7025
7.8 HIGH

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end …

Aug 5, 2025
CVE-2025-6207
7.5 HIGH

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in …

Aug 5, 2025
CVE-2025-5061
7.5 HIGH

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in …

Aug 5, 2025
CVE-2025-41698
7.8 HIGH

A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.

Aug 5, 2025
CVE-2025-7050
7.2 HIGH

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in …

Aug 5, 2025
CVE-2025-54868
7.5 HIGH

LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch …

Aug 5, 2025
CVE-2025-54865
7.3 HIGH

Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by …

Aug 5, 2025
CVE-2025-54803
7.5 HIGH

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows …

Aug 5, 2025
CVE-2025-54780
7.7 HIGH

The glpi-screenshot-plugin allows users to take screenshots or screens recording directly from GLPI. In versions below 2.0.2, authenticated user can use the /ajax/screenshot.php endpoint to …

Aug 5, 2025
CVE-2025-54135
8.5 HIGH

Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the …

Aug 5, 2025
CVE-2025-54130
7.5 HIGH

Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If …

Aug 5, 2025
CVE-2025-53544
7.5 HIGH

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection …

Aug 5, 2025
CVE-2025-27211
7.5 HIGH

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent …

Aug 4, 2025
CVE-2025-51726
8.4 HIGH

CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft …

Aug 4, 2025
CVE-2025-53395
7.7 HIGH

Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll …

Aug 4, 2025
CVE-2025-53394
7.7 HIGH

Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed …

Aug 4, 2025
CVE-2025-38741
7.5 HIGH

Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized …

Aug 4, 2025
CVE-2025-26476
8.4 HIGH

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially …

Aug 4, 2025
CVE-2025-21120
8.3 HIGH

Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged …

Aug 4, 2025
CVE-2025-51534
8.1 HIGH

A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted …

Aug 4, 2025
CVE-2025-44960
8.5 HIGH

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.

Aug 4, 2025
CVE-2025-44957
8.5 HIGH

Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.

Aug 4, 2025
CVE-2025-44955
8.8 HIGH

RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password.

Aug 4, 2025
CVE-2025-38739
7.2 HIGH

Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information …

Aug 4, 2025
CVE-2025-44643
8.6 HIGH

Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in …

Aug 4, 2025
CVE-2025-30099
7.8 HIGH

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS …

Aug 4, 2025
CVE-2025-26065
7.3 HIGH

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted …

Aug 4, 2025
CVE-2025-8109
8.8 HIGH

Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.

Aug 4, 2025
CVE-2025-36607
7.8 HIGH

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping …

Aug 4, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.