CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-21427
8.2 HIGH

Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.

Jul 8, 2025
CVE-2025-21422
7.1 HIGH

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

Jul 8, 2025
CVE-2025-7176
7.3 HIGH

A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of …

Jul 8, 2025
CVE-2025-40718
7.5 HIGH

Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate …

Jul 8, 2025
CVE-2025-7174
7.3 HIGH

A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file /teacher-issue-book.php. The manipulation …

Jul 8, 2025
CVE-2025-41224
8.8 HIGH

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions …

Jul 8, 2025
CVE-2025-40741
7.8 HIGH

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while …

Jul 8, 2025
CVE-2025-40740
7.8 HIGH

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past …

Jul 8, 2025
CVE-2025-40739
7.8 HIGH

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past …

Jul 8, 2025
CVE-2025-40738
8.8 HIGH

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP …

Jul 8, 2025
CVE-2025-40737
8.8 HIGH

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP …

Jul 8, 2025
CVE-2025-40735
8.8 HIGH

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated …

Jul 8, 2025
CVE-2025-23365
7.8 HIGH

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files …

Jul 8, 2025
CVE-2025-21006
7.0 HIGH

Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.

Jul 8, 2025
CVE-2024-31854
8.1 HIGH

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a …

Jul 8, 2025
CVE-2024-31853
8.1 HIGH

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a …

Jul 8, 2025
CVE-2023-52236
7.0 HIGH

A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All …

Jul 8, 2025
CVE-2025-7173
7.3 HIGH

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-student.php. The manipulation …

Jul 8, 2025
CVE-2025-7172
7.3 HIGH

A vulnerability, which was classified as critical, was found in code-projects Crime Reporting System 1.0. This affects an unknown part of the file /headlogin.php. The …

Jul 8, 2025
CVE-2025-6744
7.3 HIGH

The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the …

Jul 8, 2025
CVE-2025-7171
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Crime Reporting System 1.0. Affected by this issue is some unknown functionality of …

Jul 8, 2025
CVE-2025-7170
7.3 HIGH

A vulnerability classified as critical was found in code-projects Crime Reporting System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. …

Jul 8, 2025
CVE-2025-7169
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Crime Reporting System 1.0. Affected is an unknown function of the file /complainer_page.php. The manipulation …

Jul 8, 2025
CVE-2025-7168
7.3 HIGH

A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

Jul 8, 2025
CVE-2025-38236
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The …

Jul 8, 2025
CVE-2025-6746
8.8 HIGH

The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes …

Jul 8, 2025
CVE-2025-41668
8.8 HIGH

A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and …

Jul 8, 2025
CVE-2025-41667
8.8 HIGH

A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access …

Jul 8, 2025
CVE-2025-41666
8.8 HIGH

A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to …

Jul 8, 2025
CVE-2025-25271
8.8 HIGH

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.

Jul 8, 2025
CVE-2025-25269
8.4 HIGH

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

Jul 8, 2025
CVE-2025-25268
8.8 HIGH

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.

Jul 8, 2025
CVE-2025-24006
7.8 HIGH

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.

Jul 8, 2025
CVE-2025-24005
7.8 HIGH

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

Jul 8, 2025
CVE-2025-24003
8.2 HIGH

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of …

Jul 8, 2025
CVE-2025-7327
8.8 HIGH

The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. …

Jul 8, 2025
CVE-2025-7165
7.3 HIGH

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …

Jul 8, 2025
CVE-2025-7164
7.3 HIGH

A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of …

Jul 8, 2025
CVE-2025-7160
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. This affects an unknown part of the file /admin/index.php. The manipulation …

Jul 8, 2025
CVE-2025-7157
7.3 HIGH

A vulnerability was found in code-projects Online Note Sharing 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. …

Jul 8, 2025
CVE-2025-20686
8.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code …

Jul 8, 2025
CVE-2025-20685
8.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code …

Jul 8, 2025
CVE-2025-7146
7.5 HIGH

The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system file.

Jul 8, 2025
CVE-2025-7155
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard …

Jul 8, 2025
CVE-2025-42959
8.1 HIGH

An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused …

Jul 8, 2025
CVE-2025-42953
8.1 HIGH

SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity …

Jul 8, 2025
CVE-2025-42952
7.7 HIGH

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system …

Jul 8, 2025
CVE-2025-7147
7.3 HIGH

A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of …

Jul 7, 2025
CVE-2025-53539
7.5 HIGH

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses …

Jul 7, 2025
CVE-2025-53536
8.1 HIGH

Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts …

Jul 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.