CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-6795
7.5 HIGH

Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is …

Jul 7, 2025
CVE-2025-6714
7.5 HIGH

MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer …

Jul 7, 2025
CVE-2025-6713
7.7 HIGH

An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in …

Jul 7, 2025
CVE-2025-6663
7.8 HIGH

GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. …

Jul 7, 2025
CVE-2025-5987
8.1 HIGH

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this …

Jul 7, 2025
CVE-2025-7131
7.3 HIGH

A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of …

Jul 7, 2025
CVE-2025-7130
7.3 HIGH

A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_payroll. …

Jul 7, 2025
CVE-2023-51232
7.5 HIGH

Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be …

Jul 7, 2025
CVE-2025-7129
7.3 HIGH

A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_employee_attendance_single. The …

Jul 7, 2025
CVE-2025-7128
7.3 HIGH

A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=calculate_payroll. The …

Jul 7, 2025
CVE-2025-6209
7.5 HIGH

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate …

Jul 7, 2025
CVE-2025-7122
7.3 HIGH

A vulnerability was found in Campcodes Complaint Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. …

Jul 7, 2025
CVE-2025-6386
7.5 HIGH

The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid …

Jul 7, 2025
CVE-2025-3466
7.2 HIGH

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability …

Jul 7, 2025
CVE-2025-3262
7.5 HIGH

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular …

Jul 7, 2025
CVE-2025-3225
7.5 HIGH

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. …

Jul 7, 2025
CVE-2025-3046
7.5 HIGH

A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails …

Jul 7, 2025
CVE-2024-43334
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gavias Zilom zilom allows Reflected XSS.This issue affects Zilom: from n/a through < …

Jul 7, 2025
CVE-2025-7120
7.3 HIGH

A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

Jul 7, 2025
CVE-2025-7119
7.3 HIGH

A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

Jul 7, 2025
CVE-2025-7118
8.8 HIGH

A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the …

Jul 7, 2025
CVE-2025-7117
8.8 HIGH

A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation …

Jul 7, 2025
CVE-2025-7116
8.8 HIGH

A vulnerability classified as critical has been found in UTT 进取 750W up to 3.2.2-191225. This affects an unknown part of the file /goform/Fast_wireless_conf. The …

Jul 7, 2025
CVE-2025-7115
7.3 HIGH

A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of …

Jul 7, 2025
CVE-2025-7114
7.3 HIGH

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of …

Jul 7, 2025
CVE-2025-53473
7.3 HIGH

Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to …

Jul 7, 2025
CVE-2025-7145
7.2 HIGH

ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and …

Jul 7, 2025
CVE-2025-53169
7.6 HIGH

Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer …

Jul 7, 2025
CVE-2025-7097
8.1 HIGH

A vulnerability, which was classified as critical, has been found in Comodo Internet Security Premium 12.3.4.8162. This issue affects some unknown processing of the file …

Jul 6, 2025
CVE-2025-3108
7.5 HIGH

A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an …

Jul 6, 2025
CVE-2025-7096
8.1 HIGH

A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cis_update_x64.xml of the component …

Jul 6, 2025
CVE-2025-7094
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. Affected by this issue is the function formBSSetSitesurvey of the file …

Jul 6, 2025
CVE-2025-7093
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. Affected by this vulnerability is the function formSetLanguage of the file …

Jul 6, 2025
CVE-2025-7092
8.8 HIGH

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. This vulnerability affects the function formWlanSetupWPS of the file /goform/formWlanSetupWPS of the …

Jul 6, 2025
CVE-2025-7091
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. Affected is the function formWlanMP of the file /goform/formWlanMP of the …

Jul 6, 2025
CVE-2025-7090
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Belkin F9K1122 1.00.33. Affected by this issue is the function formConnectionSetting of the file …

Jul 6, 2025
CVE-2025-7089
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. This issue affects the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component …

Jul 6, 2025
CVE-2025-7088
8.8 HIGH

A vulnerability, which was classified as critical, was found in Belkin F9K1122 1.00.33. This affects the function formPPPoESetup of the file /goform/formPPPoESetup of the component …

Jul 6, 2025
CVE-2025-7087
8.8 HIGH

A vulnerability classified as critical was found in Belkin F9K1122 1.00.33. Affected by this vulnerability is the function formL2TPSetup of the file /goform/formL2TPSetup of the …

Jul 6, 2025
CVE-2025-7086
8.8 HIGH

A vulnerability classified as critical has been found in Belkin F9K1122 1.00.33. Affected is the function formPPTPSetup of the file /goform/formPPTPSetup of the component webs. …

Jul 6, 2025
CVE-2025-7085
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. This issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart of …

Jul 6, 2025
CVE-2025-7084
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. This vulnerability affects the function formWpsStart of the file /goform/formWpsStart of …

Jul 6, 2025
CVE-2025-7077
8.8 HIGH

A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. …

Jul 6, 2025
CVE-2025-27446
7.8 HIGH

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. …

Jul 6, 2025
CVE-2025-47227
7.5 HIGH

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST …

Jul 5, 2025
CVE-2025-53603
7.5 HIGH

In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the …

Jul 5, 2025
CVE-2025-43711
8.1 HIGH

Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file …

Jul 5, 2025
CVE-2025-53485
7.5 HIGH

SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in …

Jul 4, 2025
CVE-2025-53483
8.8 HIGH

ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. …

Jul 4, 2025
CVE-2025-53481
7.5 HIGH

Uncontrolled Resource Consumption vulnerability in Wikimedia Foundation Mediawiki - IPInfo Extension allows Excessive Allocation.This issue affects Mediawiki - IPInfo Extension: from 1.39.X before 1.39.13, from …

Jul 4, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.