CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-54593
7.2 HIGH

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by …

Aug 1, 2025
CVE-2025-54564
7.8 HIGH

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.

Aug 1, 2025
CVE-2025-53012
7.5 HIGH

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX …

Aug 1, 2025
CVE-2025-53011
7.5 HIGH

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes …

Aug 1, 2025
CVE-2025-53010
7.5 HIGH

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes …

Aug 1, 2025
CVE-2025-53009
7.5 HIGH

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing …

Aug 1, 2025
CVE-2025-2824
7.4 HIGH

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By …

Aug 1, 2025
CVE-2023-32256
7.5 HIGH

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in …

Aug 1, 2025
CVE-2025-51504
7.6 HIGH

Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.

Aug 1, 2025
CVE-2025-52361
7.8 HIGH

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root …

Aug 1, 2025
CVE-2025-52327
7.8 HIGH

SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file

Aug 1, 2025
CVE-2025-44139
7.2 HIGH

Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip

Aug 1, 2025
CVE-2025-45767
7.0 HIGH

jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security …

Aug 1, 2025
CVE-2025-41374
8.8 HIGH

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to …

Aug 1, 2025
CVE-2025-41373
8.8 HIGH

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to …

Aug 1, 2025
CVE-2025-41372
8.8 HIGH

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to …

Aug 1, 2025
CVE-2025-41371
8.8 HIGH

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to …

Aug 1, 2025
CVE-2025-41370
8.8 HIGH

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to …

Aug 1, 2025
CVE-2025-8443
7.3 HIGH

A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

Aug 1, 2025
CVE-2025-8442
7.3 HIGH

A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

Aug 1, 2025
CVE-2025-8441
7.3 HIGH

A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The …

Aug 1, 2025
CVE-2025-8439
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown processing of the file /controllers/updatesettings.php. …

Aug 1, 2025
CVE-2025-8438
7.3 HIGH

A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file /controllers/postpublish.php. The manipulation of the …

Aug 1, 2025
CVE-2025-8437
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of …

Aug 1, 2025
CVE-2025-8436
7.3 HIGH

A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of …

Aug 1, 2025
CVE-2025-8435
7.3 HIGH

A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of …

Aug 1, 2025
CVE-2025-7725
7.2 HIGH

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress …

Aug 1, 2025
CVE-2025-7443
8.1 HIGH

The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary …

Aug 1, 2025
CVE-2025-8434
7.3 HIGH

A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. …

Aug 1, 2025
CVE-2025-8431
7.3 HIGH

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The …

Aug 1, 2025
CVE-2025-48071
7.8 HIGH

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through …

Jul 31, 2025
CVE-2025-45768
7.0 HIGH

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that …

Jul 31, 2025
CVE-2025-50572
8.8 HIGH

Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user …

Jul 31, 2025
CVE-2025-45770
7.0 HIGH

jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set …

Jul 31, 2025
CVE-2025-26064
7.3 HIGH

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted …

Jul 31, 2025
CVE-2025-51503
7.6 HIGH

A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution …

Jul 31, 2025
CVE-2025-8409
7.3 HIGH

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file …

Jul 31, 2025
CVE-2025-52203
7.6 HIGH

A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied …

Jul 31, 2025
CVE-2025-50850
8.6 HIGH

An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This …

Jul 31, 2025
CVE-2025-29556
7.3 HIGH

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating …

Jul 31, 2025
CVE-2025-8408
7.3 HIGH

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation …

Jul 31, 2025
CVE-2025-52289
8.0 HIGH

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set …

Jul 31, 2025
CVE-2025-50849
8.0 HIGH

CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent …

Jul 31, 2025
CVE-2025-8407
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. …

Jul 31, 2025
CVE-2025-8213
7.2 HIGH

The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' …

Jul 31, 2025
CVE-2025-8378
7.3 HIGH

A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality …

Jul 31, 2025
CVE-2025-8376
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of …

Jul 31, 2025
CVE-2025-41688
7.2 HIGH

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.

Jul 31, 2025
CVE-2025-2813
7.5 HIGH

An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.

Jul 31, 2025
CVE-2025-8375
7.3 HIGH

A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. …

Jul 31, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.