CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-7169
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Crime Reporting System 1.0. Affected is an unknown function of the file /complainer_page.php. The manipulation …

Jul 8, 2025
CVE-2025-7168
7.3 HIGH

A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

Jul 8, 2025
CVE-2025-38236
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The …

Jul 8, 2025
CVE-2025-6746
8.8 HIGH

The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes …

Jul 8, 2025
CVE-2025-41668
8.8 HIGH

A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and …

Jul 8, 2025
CVE-2025-41667
8.8 HIGH

A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access …

Jul 8, 2025
CVE-2025-41666
8.8 HIGH

A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to …

Jul 8, 2025
CVE-2025-25271
8.8 HIGH

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.

Jul 8, 2025
CVE-2025-25269
8.4 HIGH

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

Jul 8, 2025
CVE-2025-25268
8.8 HIGH

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.

Jul 8, 2025
CVE-2025-24006
7.8 HIGH

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.

Jul 8, 2025
CVE-2025-24005
7.8 HIGH

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

Jul 8, 2025
CVE-2025-24003
8.2 HIGH

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of …

Jul 8, 2025
CVE-2025-7327
8.8 HIGH

The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. …

Jul 8, 2025
CVE-2025-7165
7.3 HIGH

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …

Jul 8, 2025
CVE-2025-7164
7.3 HIGH

A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of …

Jul 8, 2025
CVE-2025-7160
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. This affects an unknown part of the file /admin/index.php. The manipulation …

Jul 8, 2025
CVE-2025-7157
7.3 HIGH

A vulnerability was found in code-projects Online Note Sharing 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. …

Jul 8, 2025
CVE-2025-20686
8.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code …

Jul 8, 2025
CVE-2025-20685
8.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code …

Jul 8, 2025
CVE-2025-7146
7.5 HIGH

The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system file.

Jul 8, 2025
CVE-2025-7155
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard …

Jul 8, 2025
CVE-2025-42959
8.1 HIGH

An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused …

Jul 8, 2025
CVE-2025-42953
8.1 HIGH

SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity …

Jul 8, 2025
CVE-2025-42952
7.7 HIGH

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system …

Jul 8, 2025
CVE-2025-7147
7.3 HIGH

A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of …

Jul 7, 2025
CVE-2025-53539
7.5 HIGH

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses …

Jul 7, 2025
CVE-2025-53536
8.1 HIGH

Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts …

Jul 7, 2025
CVE-2025-7136
7.3 HIGH

A vulnerability, which was classified as critical, was found in Campcodes Online Recruitment Management System 1.0. Affected is an unknown function of the file /admin/view_vacancy.php. …

Jul 7, 2025
CVE-2025-53531
7.5 HIGH

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. …

Jul 7, 2025
CVE-2025-53530
7.5 HIGH

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. …

Jul 7, 2025
CVE-2025-36014
8.2 HIGH

IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.

Jul 7, 2025
CVE-2024-25177
7.5 HIGH

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

Jul 7, 2025
CVE-2025-7135
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the …

Jul 7, 2025
CVE-2025-7134
7.3 HIGH

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_application. The manipulation …

Jul 7, 2025
CVE-2025-53376
8.8 HIGH

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run …

Jul 7, 2025
CVE-2025-52492
7.5 HIGH

A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. …

Jul 7, 2025
CVE-2025-48367
7.5 HIGH

Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, …

Jul 7, 2025
CVE-2025-32023
7.0 HIGH

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use …

Jul 7, 2025
CVE-2025-26780
7.5 HIGH

An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to …

Jul 7, 2025
CVE-2025-7132
7.3 HIGH

A vulnerability was found in Campcodes Payroll Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of …

Jul 7, 2025
CVE-2025-6807
7.5 HIGH

Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is …

Jul 7, 2025
CVE-2025-6806
7.5 HIGH

Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication …

Jul 7, 2025
CVE-2025-6804
7.5 HIGH

Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is …

Jul 7, 2025
CVE-2025-6803
7.5 HIGH

Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is …

Jul 7, 2025
CVE-2025-6801
7.5 HIGH

Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication …

Jul 7, 2025
CVE-2025-6800
7.5 HIGH

Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is …

Jul 7, 2025
CVE-2025-6799
7.5 HIGH

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is …

Jul 7, 2025
CVE-2025-6797
7.5 HIGH

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is …

Jul 7, 2025
CVE-2025-6796
7.5 HIGH

Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is …

Jul 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.