CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-38437
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp return error, use-after-free can happen …

Jul 25, 2025
CVE-2013-10032
8.8 HIGH

An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation …

Jul 25, 2025
CVE-2025-8160
8.8 HIGH

A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the …

Jul 25, 2025
CVE-2025-8159
8.8 HIGH

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of …

Jul 25, 2025
CVE-2025-52360
8.8 HIGH

A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is …

Jul 25, 2025
CVE-2025-45467
7.1 HIGH

Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on …

Jul 25, 2025
CVE-2025-38428
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware …

Jul 25, 2025
CVE-2025-38425
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not …

Jul 25, 2025
CVE-2025-38423
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9375: Fix double free of regulator supplies Driver gets regulator supplies in probe …

Jul 25, 2025
CVE-2025-38422
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Maximum OTP and EEPROM …

Jul 25, 2025
CVE-2025-38421
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason …

Jul 25, 2025
CVE-2024-48729
7.1 HIGH

An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via …

Jul 25, 2025
CVE-2025-38416
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty->disc_data only in success path Setting tty->disc_data before opening the NCI …

Jul 25, 2025
CVE-2025-38415
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller …

Jul 25, 2025
CVE-2025-38411
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix double put of request If a netfs request finishes during the pause loop, …

Jul 25, 2025
CVE-2025-38403
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet …

Jul 25, 2025
CVE-2025-38401
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdc_prepare_data() fails to map the DMA …

Jul 25, 2025
CVE-2025-38396
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to …

Jul 25, 2025
CVE-2025-38395
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods drvdata::gpiods is supposed to hold an array …

Jul 25, 2025
CVE-2025-38394
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix memory corruption of input_handler_list In appletb_kbd_probe an input handler is initialised and …

Jul 25, 2025
CVE-2025-38389
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been reported …

Jul 25, 2025
CVE-2025-38385
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect …

Jul 25, 2025
CVE-2025-38378
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe In probe appletb_kbd_probe() a "struct appletb_kbd *kbd" …

Jul 25, 2025
CVE-2025-38377
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: rose: fix dangling neighbour pointers in rose_rt_device_down() There are two bugs in rose_rt_device_down() that can …

Jul 25, 2025
CVE-2025-38375
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the …

Jul 25, 2025
CVE-2025-38369
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD …

Jul 25, 2025
CVE-2025-38367
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as …

Jul 25, 2025
CVE-2025-38366
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "num_cpu" from user space The maximum supported cpu number is …

Jul 25, 2025
CVE-2025-38361
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it [WHAT] hws was checked for null earlier in dce110_blank_stream, …

Jul 25, 2025
CVE-2025-38357
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fuse: fix runtime warning on truncate_folio_batch_exceptionals() The WARN_ON_ONCE is introduced on truncate_folio_batch_exceptionals() to capture whether …

Jul 25, 2025
CVE-2025-8183
7.5 HIGH

NULL Pointer Dereference in µD3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS

Jul 25, 2025
CVE-2025-8140
8.8 HIGH

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the …

Jul 25, 2025
CVE-2025-8139
8.8 HIGH

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been classified as critical. This affects an unknown part of the file /boafrm/formPortFw of the …

Jul 25, 2025
CVE-2023-7306
7.5 HIGH

The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files() function …

Jul 25, 2025
CVE-2025-8138
8.8 HIGH

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formOneKeyAccessButton of …

Jul 25, 2025
CVE-2025-8137
8.8 HIGH

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS …

Jul 25, 2025
CVE-2025-8136
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component …

Jul 25, 2025
CVE-2025-5835
8.8 HIGH

The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in …

Jul 25, 2025
CVE-2025-5831
8.8 HIGH

The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up …

Jul 25, 2025
CVE-2025-8131
8.8 HIGH

A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file …

Jul 25, 2025
CVE-2015-10144
8.8 HIGH

The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader …

Jul 25, 2025
CVE-2025-22165
7.3 HIGH

This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a …

Jul 24, 2025
CVE-2025-31955
7.6 HIGH

HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system.

Jul 24, 2025
CVE-2025-31953
7.1 HIGH

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.

Jul 24, 2025
CVE-2025-31952
7.1 HIGH

HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.

Jul 24, 2025
CVE-2025-5039
7.8 HIGH

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of …

Jul 24, 2025
CVE-2025-48732
7.3 HIGH

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to …

Jul 24, 2025
CVE-2025-36548
8.3 HIGH

A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted …

Jul 24, 2025
CVE-2025-25214
8.8 HIGH

A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP …

Jul 24, 2025
CVE-2025-51087
8.6 HIGH

Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.

Jul 24, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.