CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-36606
7.8 HIGH

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping …

Aug 4, 2025
CVE-2025-36604
7.3 HIGH

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker …

Aug 4, 2025
CVE-2025-6204
8.0 HIGH KEV

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute …

Aug 4, 2025
CVE-2025-41691
7.5 HIGH

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading …

Aug 4, 2025
CVE-2025-41659
8.3 HIGH

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This …

Aug 4, 2025
CVE-2025-20702
8.8 HIGH

In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with …

Aug 4, 2025
CVE-2025-20701
8.8 HIGH

In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation …

Aug 4, 2025
CVE-2025-20700
8.8 HIGH

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. …

Aug 4, 2025
CVE-2025-8503
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1.0. Affected by this issue is some unknown functionality of …

Aug 3, 2025
CVE-2025-8502
7.3 HIGH

A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. …

Aug 3, 2025
CVE-2025-8499
7.3 HIGH

A vulnerability was found in code-projects Online Medicine Guide 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cusfindambulence2.php. …

Aug 3, 2025
CVE-2025-8498
7.3 HIGH

A security vulnerability has been detected in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /cart/index.php. Such manipulation of the …

Aug 3, 2025
CVE-2025-8497
7.3 HIGH

A weakness has been identified in code-projects Online Medicine Guide 1.0. This affects an unknown part of the file /cusfindphar2.php. This manipulation of the argument …

Aug 3, 2025
CVE-2025-8496
7.3 HIGH

A vulnerability has been found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

Aug 3, 2025
CVE-2025-8495
7.3 HIGH

A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/edit_admin_query.php. …

Aug 3, 2025
CVE-2025-54351
8.9 HIGH

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).

Aug 3, 2025
CVE-2025-8494
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the …

Aug 3, 2025
CVE-2025-54955
8.1 HIGH

OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. …

Aug 3, 2025
CVE-2025-8493
7.3 HIGH

A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manipulation …

Aug 2, 2025
CVE-2025-23284
7.8 HIGH

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of …

Aug 2, 2025
CVE-2025-23283
7.8 HIGH

NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful …

Aug 2, 2025
CVE-2025-23281
7.0 HIGH

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able …

Aug 2, 2025
CVE-2025-23279
7.0 HIGH

NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of …

Aug 2, 2025
CVE-2025-23278
7.1 HIGH

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted …

Aug 2, 2025
CVE-2025-23277
7.3 HIGH

NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under …

Aug 2, 2025
CVE-2025-23276
7.8 HIGH

NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to …

Aug 2, 2025
CVE-2025-8471
7.3 HIGH

A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file …

Aug 2, 2025
CVE-2025-8470
7.3 HIGH

A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/deleteroom.php. The manipulation …

Aug 2, 2025
CVE-2025-8469
7.3 HIGH

A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/deletegallery.php. The …

Aug 2, 2025
CVE-2025-8468
7.3 HIGH

A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the …

Aug 2, 2025
CVE-2025-8467
7.3 HIGH

A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the …

Aug 2, 2025
CVE-2025-8466
7.3 HIGH

A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /forgot_passfarmer.php. …

Aug 2, 2025
CVE-2025-6754
8.8 HIGH

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() …

Aug 2, 2025
CVE-2025-6076
8.8 HIGH

Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a …

Aug 2, 2025
CVE-2025-54796
7.5 HIGH

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is …

Aug 2, 2025
CVE-2025-54782
8.8 HIGH

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in …

Aug 2, 2025
CVE-2025-54136
7.2 HIGH

Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying …

Aug 2, 2025
CVE-2025-54424
8.1 HIGH

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, …

Aug 1, 2025
CVE-2013-10061
7.2 HIGH

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in …

Aug 1, 2025
CVE-2013-10060
7.2 HIGH

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A …

Aug 1, 2025
CVE-2013-10059
7.2 HIGH

An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface …

Aug 1, 2025
CVE-2013-10050
8.8 HIGH

An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. …

Aug 1, 2025
CVE-2013-10044
8.8 HIGH

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. …

Aug 1, 2025
CVE-2025-8480
8.0 HIGH

Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is …

Aug 1, 2025
CVE-2025-8477
7.4 HIGH

Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. …

Aug 1, 2025
CVE-2025-8476
8.0 HIGH

Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is …

Aug 1, 2025
CVE-2025-8475
7.4 HIGH

Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 …

Aug 1, 2025
CVE-2025-8472
7.4 HIGH

Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine …

Aug 1, 2025
CVE-2025-5999
7.2 HIGH

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root …

Aug 1, 2025
CVE-2025-54595
7.3 HIGH

Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is …

Aug 1, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.