CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-7830
7.3 HIGH

A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of …

Jul 19, 2025
CVE-2025-7829
7.3 HIGH

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of …

Jul 19, 2025
CVE-2025-7824
7.3 HIGH

A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The …

Jul 19, 2025
CVE-2025-7823
7.3 HIGH

A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation …

Jul 19, 2025
CVE-2015-10139
8.8 HIGH

The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for …

Jul 19, 2025
CVE-2015-10136
7.5 HIGH

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read …

Jul 19, 2025
CVE-2015-10134
7.5 HIGH

The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10. via the download_backup_file function. This is …

Jul 19, 2025
CVE-2015-10133
7.2 HIGH

The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. …

Jul 19, 2025
CVE-2025-38350
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their …

Jul 19, 2025
CVE-2025-27210
7.5 HIGH

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users …

Jul 18, 2025
CVE-2025-27209
7.5 HIGH

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker …

Jul 18, 2025
CVE-2025-7814
7.3 HIGH

A vulnerability classified as critical was found in code-projects Food Ordering Review System 1.0. This vulnerability affects unknown code of the file /pages/signup_function.php. The manipulation …

Jul 18, 2025
CVE-2025-7807
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. The …

Jul 18, 2025
CVE-2025-7806
8.8 HIGH

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. The manipulation of the …

Jul 18, 2025
CVE-2025-7805
8.8 HIGH

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the …

Jul 18, 2025
CVE-2025-50708
7.5 HIGH

An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to obtain sensitive information via the token component in the shared chat URL

Jul 18, 2025
CVE-2025-7801
7.3 HIGH

A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. …

Jul 18, 2025
CVE-2025-52169
7.1 HIGH

agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.

Jul 18, 2025
CVE-2025-50585
8.8 HIGH

StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl.

Jul 18, 2025
CVE-2025-7796
8.8 HIGH

A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of …

Jul 18, 2025
CVE-2025-7795
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file …

Jul 18, 2025
CVE-2025-52164
8.2 HIGH

Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.

Jul 18, 2025
CVE-2025-7794
8.8 HIGH

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation …

Jul 18, 2025
CVE-2025-7793
8.8 HIGH

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the …

Jul 18, 2025
CVE-2025-7792
8.8 HIGH

A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The …

Jul 18, 2025
CVE-2025-53762
8.7 HIGH

Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.

Jul 18, 2025
CVE-2025-7790
8.8 HIGH

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the …

Jul 18, 2025
CVE-2025-54079
8.8 HIGH

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions …

Jul 18, 2025
CVE-2025-54075
8.3 HIGH

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / …

Jul 18, 2025
CVE-2025-54073
7.5 HIGH

mcp-package-docs is an MCP (Model Context Protocol) server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol …

Jul 18, 2025
CVE-2025-53945
7.0 HIGH

apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files …

Jul 18, 2025
CVE-2025-6023
7.6 HIGH

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. …

Jul 18, 2025
CVE-2025-38349
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out …

Jul 18, 2025
CVE-2025-7438
7.5 HIGH

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all …

Jul 18, 2025
CVE-2025-6718
8.8 HIGH

The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up …

Jul 18, 2025
CVE-2025-6813
8.8 HIGH

The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to …

Jul 18, 2025
CVE-2025-3740
8.8 HIGH

The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 93.1.0 via the …

Jul 18, 2025
CVE-2025-7765
7.3 HIGH

A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file …

Jul 17, 2025
CVE-2025-7764
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/deletedoctorclinic.php. The …

Jul 17, 2025
CVE-2025-7762
8.8 HIGH

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.asp of …

Jul 17, 2025
CVE-2025-7758
8.8 HIGH

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of …

Jul 17, 2025
CVE-2025-7397
7.1 HIGH

A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the …

Jul 17, 2025
CVE-2025-7757
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. …

Jul 17, 2025
CVE-2025-7753
7.3 HIGH

A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file …

Jul 17, 2025
CVE-2025-7752
7.3 HIGH

A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …

Jul 17, 2025
CVE-2025-7751
7.3 HIGH

A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of …

Jul 17, 2025
CVE-2025-7433
8.8 HIGH

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution.

Jul 17, 2025
CVE-2025-6248
7.4 HIGH

A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a …

Jul 17, 2025
CVE-2025-6232
7.8 HIGH

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by …

Jul 17, 2025
CVE-2025-6231
7.8 HIGH

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by …

Jul 17, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.