CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-53078
8.0 HIGH

Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system

Jul 29, 2025
CVE-2025-54769
8.8 HIGH

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. …

Jul 29, 2025
CVE-2025-50486
7.1 HIGH

Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-50485
7.1 HIGH

Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-29534
8.8 HIGH

An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root …

Jul 28, 2025
CVE-2025-8194
7.5 HIGH

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with …

Jul 28, 2025
CVE-2025-50487
7.1 HIGH

Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-50484
7.1 HIGH

Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-50492
7.5 HIGH

Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-50491
7.1 HIGH

Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-50489
7.5 HIGH

Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-50488
7.1 HIGH

Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-54531
7.7 HIGH

In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows

Jul 28, 2025
CVE-2025-54530
7.5 HIGH

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions

Jul 28, 2025
CVE-2025-50494
7.5 HIGH

Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-50493
7.5 HIGH

Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-50490
7.5 HIGH

Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.

Jul 28, 2025
CVE-2025-2297
7.8 HIGH

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under …

Jul 28, 2025
CVE-2024-49342
7.5 HIGH

IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Jul 28, 2025
CVE-2025-8279
8.7 HIGH

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution

Jul 28, 2025
CVE-2025-4056
7.5 HIGH

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long …

Jul 28, 2025
CVE-2025-8274
7.3 HIGH

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file …

Jul 28, 2025
CVE-2025-5997
8.8 HIGH

Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse.This issue affects PhishPro: before 7.5.4.2.

Jul 28, 2025
CVE-2025-38497
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string …

Jul 28, 2025
CVE-2025-38494
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer …

Jul 28, 2025
CVE-2025-38490
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: libwx: remove duplicate page_pool_put_full_page() page_pool_put_full_page() should only be invoked when freeing Rx buffers or …

Jul 28, 2025
CVE-2025-38488
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto The CVE-2024-50047 fix removed asynchronous …

Jul 28, 2025
CVE-2025-38485
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush fxls8962af_fifo_flush() uses indio_dev->active_scan_mask (with iio_for_each_active_channel()) without …

Jul 28, 2025
CVE-2025-38484
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: backend: fix out-of-bound write The buffer is set to 80 character. If a caller …

Jul 28, 2025
CVE-2025-38483
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: comedi: das16m1: Fix bit shift out of bounds When checking for a supported IRQ number, …

Jul 28, 2025
CVE-2025-38482
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: comedi: das6402: Fix bit shift out of bounds When checking for a supported IRQ number, …

Jul 28, 2025
CVE-2025-38476
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: rpl: Fix use-after-free in rpl_do_srh_inline(). Running lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers the splat below …

Jul 28, 2025
CVE-2025-38471
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts …

Jul 28, 2025
CVE-2025-8273
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s8.php. The manipulation …

Jul 28, 2025
CVE-2025-8272
7.3 HIGH

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

Jul 28, 2025
CVE-2025-8271
7.3 HIGH

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_s3.php. …

Jul 28, 2025
CVE-2025-8270
7.3 HIGH

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s2.php. …

Jul 28, 2025
CVE-2025-8269
7.3 HIGH

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

Jul 28, 2025
CVE-2025-8261
7.3 HIGH

A weakness has been identified in Vaelsys VaelsysV4 4.1.0. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component User Creation Handler. Executing …

Jul 28, 2025
CVE-2025-8259
7.3 HIGH

A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function execute_DataObjectProc of the file /grid/vgrid_server.php of the component …

Jul 28, 2025
CVE-2025-8267
8.2 HIGH

Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the …

Jul 28, 2025
CVE-2025-8255
7.3 HIGH

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

Jul 28, 2025
CVE-2025-8253
7.3 HIGH

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s6.php. …

Jul 28, 2025
CVE-2025-8252
7.3 HIGH

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

Jul 28, 2025
CVE-2025-8251
7.3 HIGH

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

Jul 28, 2025
CVE-2025-8250
7.3 HIGH

A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s4.php. The …

Jul 28, 2025
CVE-2025-8249
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file …

Jul 28, 2025
CVE-2025-8248
7.3 HIGH

A vulnerability classified as critical was found in code-projects Online Ordering System 1.0. This vulnerability affects unknown code of the file /signup.php. The manipulation of …

Jul 28, 2025
CVE-2025-8246
8.8 HIGH

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file …

Jul 27, 2025
CVE-2025-8245
8.8 HIGH

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file …

Jul 27, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.