CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-1727
8.1 HIGH

The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. …

Jul 10, 2025
CVE-2025-7417
8.8 HIGH

A vulnerability has been found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this vulnerability is the function fromNetToolGet of the file /goform/setPingInfo …

Jul 10, 2025
CVE-2025-7416
8.8 HIGH

A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.12(3880). Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component …

Jul 10, 2025
CVE-2025-3947
8.2 HIGH

The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to …

Jul 10, 2025
CVE-2025-3946
8.2 HIGH

The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially …

Jul 10, 2025
CVE-2025-2521
8.6 HIGH

The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this …

Jul 10, 2025
CVE-2025-53634
7.5 HIGH

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With …

Jul 10, 2025
CVE-2025-53629
7.5 HIGH

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily …

Jul 10, 2025
CVE-2025-53628
8.8 HIGH

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an …

Jul 10, 2025
CVE-2025-53506
7.5 HIGH

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. …

Jul 10, 2025
CVE-2025-2520
7.5 HIGH

The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to …

Jul 10, 2025
CVE-2025-7411
7.3 HIGH

A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the …

Jul 10, 2025
CVE-2025-53542
7.7 HIGH

Headlamp is an extensible Kubernetes web UI. A command injection vulnerability was discovered in the codeSign.js script used in the macOS packaging workflow of the …

Jul 10, 2025
CVE-2025-53503
7.8 HIGH

Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files …

Jul 10, 2025
CVE-2025-53378
7.6 HIGH

A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the …

Jul 10, 2025
CVE-2025-52837
7.8 HIGH

Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity …

Jul 10, 2025
CVE-2025-52521
7.8 HIGH

Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged …

Jul 10, 2025
CVE-2025-52520
7.5 HIGH

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This …

Jul 10, 2025
CVE-2025-52434
7.5 HIGH

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client …

Jul 10, 2025
CVE-2025-28244
8.8 HIGH

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account …

Jul 10, 2025
CVE-2025-28243
8.0 HIGH

An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component.

Jul 10, 2025
CVE-2025-7410
7.3 HIGH

A vulnerability was found in code-projects LifeStyle Store 1.0. It has been classified as critical. Affected is an unknown function of the file /cart_remove.php. The …

Jul 10, 2025
CVE-2025-7409
7.3 HIGH

A vulnerability was found in code-projects Mobile Shop 1.0 and classified as critical. This issue affects some unknown processing of the file /LoginAsAdmin.php. The manipulation …

Jul 10, 2025
CVE-2025-53020
7.5 HIGH

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are …

Jul 10, 2025
CVE-2025-49812
7.4 HIGH

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session …

Jul 10, 2025
CVE-2025-49630
7.5 HIGH

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing …

Jul 10, 2025
CVE-2024-47252
7.5 HIGH

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log …

Jul 10, 2025
CVE-2024-43394
7.5 HIGH

Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions …

Jul 10, 2025
CVE-2024-43204
7.5 HIGH

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an …

Jul 10, 2025
CVE-2024-42516
7.5 HIGH

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied …

Jul 10, 2025
CVE-2025-46788
7.4 HIGH

Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.

Jul 10, 2025
CVE-2025-7365
7.1 HIGH

A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the …

Jul 10, 2025
CVE-2025-46835
8.5 HIGH

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked …

Jul 10, 2025
CVE-2025-46334
8.6 HIGH

Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical …

Jul 10, 2025
CVE-2025-44251
7.5 HIGH

Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process.

Jul 10, 2025
CVE-2025-27614
8.6 HIGH

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social …

Jul 10, 2025
CVE-2025-7425
7.8 HIGH

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, …

Jul 10, 2025
CVE-2025-7424
7.5 HIGH

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to …

Jul 10, 2025
CVE-2025-5040
7.8 HIGH

A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause …

Jul 10, 2025
CVE-2025-5037
7.8 HIGH

A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this …

Jul 10, 2025
CVE-2025-6948
8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain …

Jul 10, 2025
CVE-2025-5023
7.1 HIGH

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the …

Jul 10, 2025
CVE-2025-38348
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Robert Morris reported: |If a malicious USB device pretends …

Jul 10, 2025
CVE-2025-38346
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym after ftrace disabled The following issue happens with a …

Jul 10, 2025
CVE-2025-38342
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so …

Jul 10, 2025
CVE-2025-38341
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that …

Jul 10, 2025
CVE-2025-38340
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds …

Jul 10, 2025
CVE-2025-38338
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() Sometimes, when a file was read while it was …

Jul 10, 2025
CVE-2025-38330
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) KASAN reported out …

Jul 10, 2025
CVE-2025-38329
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info) KASAN reported out …

Jul 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.