CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-33109
7.5 HIGH

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could …

Jul 24, 2025
CVE-2025-7695
8.8 HIGH

The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its reset_password_link REST endpoint in versions 2.77 through …

Jul 24, 2025
CVE-2025-7640
8.1 HIGH

The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.0.0. This is due to …

Jul 24, 2025
CVE-2025-26397
7.8 HIGH

SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious …

Jul 24, 2025
CVE-2025-54365
7.5 HIGH

fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular …

Jul 23, 2025
CVE-2025-54377
7.8 HIGH

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks (\n) …

Jul 23, 2025
CVE-2025-53942
7.4 HIGH

authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as …

Jul 23, 2025
CVE-2025-53537
7.5 HIGH

LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory …

Jul 23, 2025
CVE-2025-47281
7.7 HIGH

Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service (DoS) vulnerability exists due …

Jul 23, 2025
CVE-2025-47187
7.5 HIGH

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 …

Jul 23, 2025
CVE-2025-4700
8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific …

Jul 23, 2025
CVE-2025-4439
7.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have …

Jul 23, 2025
CVE-2025-8069
7.8 HIGH

During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As …

Jul 23, 2025
CVE-2025-2634
7.8 HIGH

Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful …

Jul 23, 2025
CVE-2025-2633
7.8 HIGH

Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. …

Jul 23, 2025
CVE-2025-6018
7.8 HIGH

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for …

Jul 23, 2025
CVE-2025-40597
7.5 HIGH

A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in …

Jul 23, 2025
CVE-2025-40596
7.3 HIGH

A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in …

Jul 23, 2025
CVE-2025-33077
8.8 HIGH

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could …

Jul 23, 2025
CVE-2025-33076
8.8 HIGH

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could …

Jul 23, 2025
CVE-2025-46099
7.2 HIGH

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the …

Jul 23, 2025
CVE-2025-41684
8.8 HIGH

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the …

Jul 23, 2025
CVE-2025-41683
8.8 HIGH

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the …

Jul 23, 2025
CVE-2025-31701
8.1 HIGH

A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption …

Jul 23, 2025
CVE-2025-31700
8.1 HIGH

A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption …

Jul 23, 2025
CVE-2025-54453
8.8 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 …

Jul 23, 2025
CVE-2025-54452
7.3 HIGH

Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Jul 23, 2025
CVE-2025-54450
7.2 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 …

Jul 23, 2025
CVE-2025-54447
8.1 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Jul 23, 2025
CVE-2025-54445
8.2 HIGH

Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less …

Jul 23, 2025
CVE-2025-54441
8.8 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Jul 23, 2025
CVE-2025-54439
8.8 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Jul 23, 2025
CVE-2025-8021
7.5 HIGH

All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the …

Jul 23, 2025
CVE-2025-8020
8.2 HIGH

All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to …

Jul 23, 2025
CVE-2024-53286
7.2 HIGH

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 …

Jul 23, 2025
CVE-2025-7722
8.8 HIGH

The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin …

Jul 23, 2025
CVE-2025-6190
8.8 HIGH

The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile() AJAX handler in versions 0.1.0 …

Jul 23, 2025
CVE-2025-8060
8.8 HIGH

A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg …

Jul 23, 2025
CVE-2025-43022
7.2 HIGH

A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow a privileged user …

Jul 22, 2025
CVE-2025-8011
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Jul 22, 2025
CVE-2025-8010
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Jul 22, 2025
CVE-2025-7766
8.0 HIGH

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts …

Jul 22, 2025
CVE-2025-54141
7.5 HIGH

ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided …

Jul 22, 2025
CVE-2025-54140
7.5 HIGH

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint …

Jul 22, 2025
CVE-2025-54138
7.5 HIGH

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and …

Jul 22, 2025
CVE-2025-54137
7.3 HIGH

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for …

Jul 22, 2025
CVE-2025-54072
7.5 HIGH

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder (or …

Jul 22, 2025
CVE-2025-53703
7.5 HIGH

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers.

Jul 22, 2025
CVE-2025-53538
7.5 HIGH

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and …

Jul 22, 2025
CVE-2025-48733
7.5 HIGH

DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user authentication. This could allow an attacker to repeatedly reboot the device.

Jul 22, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.