CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-43248
7.8 HIGH

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able …

Jul 30, 2025
CVE-2025-43239
7.1 HIGH

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing …

Jul 30, 2025
CVE-2025-43227
7.5 HIGH

This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, …

Jul 30, 2025
CVE-2025-43224
7.1 HIGH

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, …

Jul 30, 2025
CVE-2025-43223
7.5 HIGH

A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS …

Jul 30, 2025
CVE-2025-43221
7.1 HIGH

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, …

Jul 30, 2025
CVE-2025-43196
7.8 HIGH

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app …

Jul 30, 2025
CVE-2025-43188
7.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root …

Jul 30, 2025
CVE-2025-31280
7.8 HIGH

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted file may lead to …

Jul 30, 2025
CVE-2025-31278
8.8 HIGH

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, …

Jul 30, 2025
CVE-2025-31277
8.8 HIGH KEV

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, …

Jul 30, 2025
CVE-2025-31273
8.8 HIGH

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, …

Jul 30, 2025
CVE-2025-31243
7.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may …

Jul 30, 2025
CVE-2025-24224
7.5 HIGH

The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, macOS Ventura 13.7.7, …

Jul 30, 2025
CVE-2025-24119
7.8 HIGH

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may …

Jul 30, 2025
CVE-2025-7849
7.8 HIGH

A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. …

Jul 29, 2025
CVE-2025-7848
7.8 HIGH

A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires …

Jul 29, 2025
CVE-2025-7361
7.8 HIGH

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an …

Jul 29, 2025
CVE-2025-4674
8.6 HIGH

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This …

Jul 29, 2025
CVE-2025-52490
7.3 HIGH

An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.

Jul 29, 2025
CVE-2025-45346
8.1 HIGH

SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.

Jul 29, 2025
CVE-2025-33092
7.8 HIGH

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user …

Jul 29, 2025
CVE-2024-42655
8.8 HIGH

An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.

Jul 29, 2025
CVE-2024-42651
7.5 HIGH

NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) …

Jul 29, 2025
CVE-2025-7675
7.8 HIGH

A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Jul 29, 2025
CVE-2025-7497
7.8 HIGH

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Jul 29, 2025
CVE-2025-6637
7.8 HIGH

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Jul 29, 2025
CVE-2025-6636
7.8 HIGH

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause …

Jul 29, 2025
CVE-2025-6635
7.8 HIGH

A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this …

Jul 29, 2025
CVE-2025-6631
7.8 HIGH

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Jul 29, 2025
CVE-2025-5043
7.8 HIGH

A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this …

Jul 29, 2025
CVE-2025-5038
7.8 HIGH

A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to …

Jul 29, 2025
CVE-2025-53715
7.5 HIGH

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead …

Jul 29, 2025
CVE-2025-53714
7.5 HIGH

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead …

Jul 29, 2025
CVE-2025-53713
7.5 HIGH

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead …

Jul 29, 2025
CVE-2025-53712
7.5 HIGH

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead …

Jul 29, 2025
CVE-2025-53711
7.5 HIGH

A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input …

Jul 29, 2025
CVE-2025-2928
7.2 HIGH

SQL Injection affecting the Archiver role.

Jul 29, 2025
CVE-2025-44137
8.2 HIGH

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the …

Jul 29, 2025
CVE-2025-31965
8.2 HIGH

Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.

Jul 29, 2025
CVE-2025-28170
7.6 HIGH

Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and …

Jul 29, 2025
CVE-2025-51970
7.7 HIGH

A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the …

Jul 29, 2025
CVE-2024-42645
7.5 HIGH

An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS).

Jul 29, 2025
CVE-2024-42644
7.5 HIGH

FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of the publish object is greater …

Jul 29, 2025
CVE-2025-6505
8.1 HIGH

Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to …

Jul 29, 2025
CVE-2025-6504
8.4 HIGH

In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header. Since XFF is a client-controlled header, …

Jul 29, 2025
CVE-2025-6175
7.2 HIGH

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting.This issue affects Geodi: before GEODI Setup 9.0.146.

Jul 29, 2025
CVE-2025-7689
8.8 HIGH

The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() function in versions 1.1.0 to …

Jul 29, 2025
CVE-2025-6495
7.5 HIGH

The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to …

Jul 29, 2025
CVE-2025-53080
7.1 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended …

Jul 29, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.