CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-6463
8.8 HIGH

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file …

Jul 2, 2025
CVE-2025-6459
8.8 HIGH

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, …

Jul 2, 2025
CVE-2025-6437
7.5 HIGH

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up …

Jul 2, 2025
CVE-2025-5817
7.2 HIGH

The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). …

Jul 2, 2025
CVE-2025-5339
7.5 HIGH

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsa_pro_id’ parameter in all versions …

Jul 2, 2025
CVE-2025-5014
8.8 HIGH

The Home Villas | Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the …

Jul 2, 2025
CVE-2025-4381
7.5 HIGH

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’ variable of the getSpace() function …

Jul 2, 2025
CVE-2025-4380
8.1 HIGH

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, …

Jul 2, 2025
CVE-2025-36630
8.4 HIGH

In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with …

Jul 2, 2025
CVE-2025-49741
7.4 HIGH

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Jul 1, 2025
CVE-2025-48379
7.1 HIGH

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded …

Jul 1, 2025
CVE-2025-53107
7.5 HIGH

@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized …

Jul 1, 2025
CVE-2025-45081
8.8 HIGH

Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data.

Jul 1, 2025
CVE-2025-34081
7.5 HIGH

The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive data useful for an attacker.This …

Jul 1, 2025
CVE-2025-6297
8.2 HIGH

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being …

Jul 1, 2025
CVE-2025-6963
7.3 HIGH

A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /myprofile.php. The …

Jul 1, 2025
CVE-2025-6962
7.3 HIGH

A vulnerability, which was classified as critical, was found in Campcodes Employee Management System 1.0. This affects an unknown part of the file /myprofileup.php. The …

Jul 1, 2025
CVE-2025-6961
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Campcodes Employee Management System 1.0. Affected by this issue is some unknown functionality of …

Jul 1, 2025
CVE-2025-6960
7.3 HIGH

A vulnerability classified as critical was found in Campcodes Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /empproject.php. …

Jul 1, 2025
CVE-2025-6959
7.3 HIGH

A vulnerability classified as critical has been found in Campcodes Employee Management System 1.0. Affected is an unknown function of the file /eloginwel.php. The manipulation …

Jul 1, 2025
CVE-2025-6958
7.3 HIGH

A vulnerability was found in Campcodes Employee Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

Jul 1, 2025
CVE-2025-6957
7.3 HIGH

A vulnerability was found in Campcodes Employee Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /process/eprocess.php. …

Jul 1, 2025
CVE-2025-53099
7.5 HIGH

Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can …

Jul 1, 2025
CVE-2025-37098
7.5 HIGH

A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

Jul 1, 2025
CVE-2025-6956
7.3 HIGH

A vulnerability was found in Campcodes Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /changepassemp.php. …

Jul 1, 2025
CVE-2025-6955
7.3 HIGH

A vulnerability was found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

Jul 1, 2025
CVE-2025-6954
7.3 HIGH

A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

Jul 1, 2025
CVE-2025-6953
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component …

Jul 1, 2025
CVE-2025-37097
7.5 HIGH

A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service

Jul 1, 2025
CVE-2025-49480
7.4 HIGH

Out-of-bounds access in ASR180x 、ASR190x in lte-telephony, This vulnerability is associated with program files apps/lzma/src/LzmaEnc.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Jul 1, 2025
CVE-2025-49492
7.4 HIGH

Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun. This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Jul 1, 2025
CVE-2025-6940
8.8 HIGH

A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the …

Jul 1, 2025
CVE-2025-6939
8.8 HIGH

A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP …

Jul 1, 2025
CVE-2025-6938
7.3 HIGH

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the …

Jul 1, 2025
CVE-2024-46992
7.8 HIGH

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to …

Jul 1, 2025
CVE-2025-6937
7.3 HIGH

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file …

Jul 1, 2025
CVE-2025-6936
7.3 HIGH

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file …

Jul 1, 2025
CVE-2025-6935
7.3 HIGH

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …

Jul 1, 2025
CVE-2025-6554
8.1 HIGH KEV

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security …

Jun 30, 2025
CVE-2025-49521
8.8 HIGH

A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. …

Jun 30, 2025
CVE-2025-49520
8.8 HIGH

A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows …

Jun 30, 2025
CVE-2025-52995
8.0 HIGH

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior …

Jun 30, 2025
CVE-2025-36593
8.8 HIGH

Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access …

Jun 30, 2025
CVE-2025-6917
7.3 HIGH

A vulnerability has been found in code-projects Online Hotel Booking 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/registration.php. The …

Jun 30, 2025
CVE-2025-52898
8.8 HIGH

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access …

Jun 30, 2025
CVE-2025-6916
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of …

Jun 30, 2025
CVE-2025-52895
7.5 HIGH

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could …

Jun 30, 2025
CVE-2025-45143
7.0 HIGH

string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.

Jun 30, 2025
CVE-2024-53621
7.5 HIGH

A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted …

Jun 30, 2025
CVE-2025-6907
7.3 HIGH

A vulnerability classified as critical was found in code-projects Car Rental System 1.0. This vulnerability affects unknown code of the file /book_car.php. The manipulation of …

Jun 30, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.