CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-7097
8.1 HIGH

A vulnerability, which was classified as critical, has been found in Comodo Internet Security Premium 12.3.4.8162. This issue affects some unknown processing of the file …

Jul 6, 2025
CVE-2025-3108
7.5 HIGH

A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an …

Jul 6, 2025
CVE-2025-7096
8.1 HIGH

A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cis_update_x64.xml of the component …

Jul 6, 2025
CVE-2025-7094
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. Affected by this issue is the function formBSSetSitesurvey of the file …

Jul 6, 2025
CVE-2025-7093
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. Affected by this vulnerability is the function formSetLanguage of the file …

Jul 6, 2025
CVE-2025-7092
8.8 HIGH

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. This vulnerability affects the function formWlanSetupWPS of the file /goform/formWlanSetupWPS of the …

Jul 6, 2025
CVE-2025-7091
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. Affected is the function formWlanMP of the file /goform/formWlanMP of the …

Jul 6, 2025
CVE-2025-7090
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Belkin F9K1122 1.00.33. Affected by this issue is the function formConnectionSetting of the file …

Jul 6, 2025
CVE-2025-7089
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. This issue affects the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component …

Jul 6, 2025
CVE-2025-7088
8.8 HIGH

A vulnerability, which was classified as critical, was found in Belkin F9K1122 1.00.33. This affects the function formPPPoESetup of the file /goform/formPPPoESetup of the component …

Jul 6, 2025
CVE-2025-7087
8.8 HIGH

A vulnerability classified as critical was found in Belkin F9K1122 1.00.33. Affected by this vulnerability is the function formL2TPSetup of the file /goform/formL2TPSetup of the …

Jul 6, 2025
CVE-2025-7086
8.8 HIGH

A vulnerability classified as critical has been found in Belkin F9K1122 1.00.33. Affected is the function formPPTPSetup of the file /goform/formPPTPSetup of the component webs. …

Jul 6, 2025
CVE-2025-7085
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. This issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart of …

Jul 6, 2025
CVE-2025-7084
8.8 HIGH

A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. This vulnerability affects the function formWpsStart of the file /goform/formWpsStart of …

Jul 6, 2025
CVE-2025-7077
8.8 HIGH

A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. …

Jul 6, 2025
CVE-2025-27446
7.8 HIGH

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. …

Jul 6, 2025
CVE-2025-47227
7.5 HIGH

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST …

Jul 5, 2025
CVE-2025-53603
7.5 HIGH

In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the …

Jul 5, 2025
CVE-2025-43711
8.1 HIGH

Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file …

Jul 5, 2025
CVE-2025-53485
7.5 HIGH

SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in …

Jul 4, 2025
CVE-2025-53483
8.8 HIGH

ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. …

Jul 4, 2025
CVE-2025-53481
7.5 HIGH

Uncontrolled Resource Consumption vulnerability in Wikimedia Foundation Mediawiki - IPInfo Extension allows Excessive Allocation.This issue affects Mediawiki - IPInfo Extension: from 1.39.X before 1.39.13, from …

Jul 4, 2025
CVE-2025-52496
7.8 HIGH

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES …

Jul 4, 2025
CVE-2025-46733
7.9 HIGH

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In …

Jul 4, 2025
CVE-2025-38233
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix clobbered r15 during livepatching While r15 is clobbered always with PPC_FTRACE_OUT_OF_LINE, it is …

Jul 4, 2025
CVE-2025-38230
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in …

Jul 4, 2025
CVE-2025-38227
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent process of initialization failure syzbot reported a slab-use-after-free Read in …

Jul 4, 2025
CVE-2025-38226
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds …

Jul 4, 2025
CVE-2025-38224
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: can: kvaser_pciefd: refine error prone echo_skb_max handling logic echo_skb_max should define the supported upper limit …

Jul 4, 2025
CVE-2025-38221
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ext4: fix out of bounds punch offset Punching a hole with a start offset that …

Jul 4, 2025
CVE-2025-38216
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 ("iommu/vt-d: Add support for …

Jul 4, 2025
CVE-2025-38212
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free …

Jul 4, 2025
CVE-2025-38211
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id …

Jul 4, 2025
CVE-2025-38209
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: remove tag set when second admin queue config fails Commit 104d0e2f6222 ("nvme-fabrics: reset admin …

Jul 4, 2025
CVE-2025-38206
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. …

Jul 4, 2025
CVE-2025-38204
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into …

Jul 4, 2025
CVE-2025-38201
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit …

Jul 4, 2025
CVE-2025-38198
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write …

Jul 4, 2025
CVE-2025-38187
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() The RPC container is released after being passed to …

Jul 4, 2025
CVE-2025-38183
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Before calling lan743x_ptp_io_event_clock_get(), the 'channel' value is …

Jul 4, 2025
CVE-2025-38182
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device Sanity check the values for …

Jul 4, 2025
CVE-2025-38180
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it …

Jul 4, 2025
CVE-2025-38179
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma() This fixes the following problem: [ 749.901015] [ …

Jul 4, 2025
CVE-2025-49809
7.8 HIGH

mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have …

Jul 4, 2025
CVE-2025-52828
8.8 HIGH

Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through <= 3.8.

Jul 4, 2025
CVE-2025-52813
8.1 HIGH

Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.

Jul 4, 2025
CVE-2025-52807
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme kossy allows …

Jul 4, 2025
CVE-2025-52805
7.5 HIGH

Path Traversal: '.../...//' vulnerability in VaultDweller Leyka leyka allows PHP Local File Inclusion.This issue affects Leyka: from n/a through <= 3.32.1.

Jul 4, 2025
CVE-2025-52798
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through < …

Jul 4, 2025
CVE-2025-52796
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14.

Jul 4, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.