CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-47123
7.8 HIGH

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jul 8, 2025
CVE-2025-47122
7.8 HIGH

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jul 8, 2025
CVE-2025-47121
7.8 HIGH

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the …

Jul 8, 2025
CVE-2025-47099
7.8 HIGH

InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jul 8, 2025
CVE-2025-47098
7.8 HIGH

InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context …

Jul 8, 2025
CVE-2025-47097
7.8 HIGH

InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the …

Jul 8, 2025
CVE-2024-56468
7.5 HIGH

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid …

Jul 8, 2025
CVE-2025-7198
7.3 HIGH

A vulnerability classified as critical was found in code-projects Jonnys Liquor 1.0. This vulnerability affects unknown code of the file /admin/admin-area.php. The manipulation of the …

Jul 8, 2025
CVE-2025-7197
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of …

Jul 8, 2025
CVE-2025-6759
7.8 HIGH

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS

Jul 8, 2025
CVE-2025-53547
8.5 HIGH

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can …

Jul 8, 2025
CVE-2025-49532
7.8 HIGH

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the …

Jul 8, 2025
CVE-2025-49531
7.8 HIGH

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context …

Jul 8, 2025
CVE-2025-49530
7.8 HIGH

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …

Jul 8, 2025
CVE-2025-49529
7.8 HIGH

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context …

Jul 8, 2025
CVE-2025-49528
7.8 HIGH

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jul 8, 2025
CVE-2025-49527
7.8 HIGH

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jul 8, 2025
CVE-2025-49526
7.8 HIGH

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …

Jul 8, 2025
CVE-2025-47136
7.8 HIGH

InDesign Desktop versions 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the …

Jul 8, 2025
CVE-2025-47134
7.8 HIGH

InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jul 8, 2025
CVE-2025-47103
7.8 HIGH

InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jul 8, 2025
CVE-2025-43594
7.8 HIGH

InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …

Jul 8, 2025
CVE-2025-43592
7.8 HIGH

InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context …

Jul 8, 2025
CVE-2025-43591
7.8 HIGH

InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jul 8, 2025
CVE-2025-7196
7.3 HIGH

A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the …

Jul 8, 2025
CVE-2025-7194
8.8 HIGH

A vulnerability was found in D-Link DI-500WF 17.04.10A1T. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file …

Jul 8, 2025
CVE-2025-49551
8.8 HIGH

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation. An attacker could …

Jul 8, 2025
CVE-2025-49538
7.4 HIGH

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can …

Jul 8, 2025
CVE-2025-49537
7.9 HIGH

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability …

Jul 8, 2025
CVE-2025-49536
7.3 HIGH

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker …

Jul 8, 2025
CVE-2025-43582
7.8 HIGH

Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jul 8, 2025
CVE-2025-7193
7.3 HIGH

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System up to 1.0. It has been classified as critical. Affected is an unknown function of …

Jul 8, 2025
CVE-2025-53355
7.5 HIGH

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes …

Jul 8, 2025
CVE-2025-7191
7.3 HIGH

A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The …

Jul 8, 2025
CVE-2025-48384
8.0 HIGH KEV

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. …

Jul 8, 2025
CVE-2025-37102
7.2 HIGH

An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote …

Jul 8, 2025
CVE-2025-30312
7.8 HIGH

Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current …

Jul 8, 2025
CVE-2025-0928
8.8 HIGH

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the …

Jul 8, 2025
CVE-2025-53513
8.8 HIGH

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading …

Jul 8, 2025
CVE-2025-49753
8.8 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Jul 8, 2025
CVE-2025-49744
7.0 HIGH

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-49742
7.8 HIGH

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Jul 8, 2025
CVE-2025-49740
8.8 HIGH

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Jul 8, 2025
CVE-2025-49739
8.8 HIGH

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Jul 8, 2025
CVE-2025-49738
7.8 HIGH

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-49737
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-49735
8.1 HIGH

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Jul 8, 2025
CVE-2025-49733
7.8 HIGH

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-49732
7.8 HIGH

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-49730
7.8 HIGH

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Jul 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.