CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-6614
8.8 HIGH

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file …

Jun 25, 2025
CVE-2025-6612
7.3 HIGH

A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

Jun 25, 2025
CVE-2025-6611
7.3 HIGH

A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/createBrand.php. …

Jun 25, 2025
CVE-2025-49845
7.5 HIGH

Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups …

Jun 25, 2025
CVE-2025-25905
7.1 HIGH

Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter.

Jun 25, 2025
CVE-2024-27685
7.1 HIGH

SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to …

Jun 25, 2025
CVE-2025-48954
8.1 HIGH

Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social …

Jun 25, 2025
CVE-2025-5927
7.5 HIGH

The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all …

Jun 25, 2025
CVE-2025-49797
7.8 HIGH

Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for …

Jun 25, 2025
CVE-2025-41256
7.4 HIGH

Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is …

Jun 25, 2025
CVE-2025-41255
8.0 HIGH

Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current …

Jun 25, 2025
CVE-2024-51983
7.5 HIGH

An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken …

Jun 25, 2025
CVE-2024-51982
7.5 HIGH

An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The …

Jun 25, 2025
CVE-2024-51979
7.2 HIGH

An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS …

Jun 25, 2025
CVE-2025-36004
8.8 HIGH

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support …

Jun 25, 2025
CVE-2025-0966
7.6 HIGH

IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, …

Jun 25, 2025
CVE-2025-6580
7.3 HIGH

A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the component Login. The …

Jun 24, 2025
CVE-2025-6579
7.3 HIGH

A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

Jun 24, 2025
CVE-2025-6578
7.3 HIGH

A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the …

Jun 24, 2025
CVE-2025-52888
7.5 HIGH

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the …

Jun 24, 2025
CVE-2025-49852
7.5 HIGH

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from …

Jun 24, 2025
CVE-2024-56917
7.1 HIGH

Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode.

Jun 24, 2025
CVE-2025-44531
7.5 HIGH

An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public …

Jun 24, 2025
CVE-2025-23265
7.8 HIGH

NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious …

Jun 24, 2025
CVE-2025-23264
7.8 HIGH

NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious …

Jun 24, 2025
CVE-2025-6568
8.8 HIGH

A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP …

Jun 24, 2025
CVE-2025-6567
7.3 HIGH

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the …

Jun 24, 2025
CVE-2025-36537
7.0 HIGH

Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a …

Jun 24, 2025
CVE-2025-32978
7.5 HIGH

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch …

Jun 24, 2025
CVE-2025-32976
8.8 HIGH

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch …

Jun 24, 2025
CVE-2025-6032
8.3 HIGH

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI …

Jun 24, 2025
CVE-2025-5318
8.1 HIGH

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to …

Jun 24, 2025
CVE-2025-27828
7.1 HIGH

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated …

Jun 24, 2025
CVE-2025-27827
7.1 HIGH

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack …

Jun 24, 2025
CVE-2025-6565
8.8 HIGH

A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request …

Jun 24, 2025
CVE-2025-6436
8.1 HIGH

Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough …

Jun 24, 2025
CVE-2025-6435
8.1 HIGH

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been …

Jun 24, 2025
CVE-2025-6432
8.6 HIGH

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not …

Jun 24, 2025
CVE-2025-6426
8.8 HIGH

The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of …

Jun 24, 2025
CVE-2025-39202
7.3 HIGH

A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite …

Jun 24, 2025
CVE-2025-2403
7.5 HIGH

A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series device that if exploited could …

Jun 24, 2025
CVE-2025-6206
7.5 HIGH

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file …

Jun 24, 2025
CVE-2025-3092
7.5 HIGH

An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.

Jun 24, 2025
CVE-2025-3091
7.5 HIGH

An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s …

Jun 24, 2025
CVE-2025-3090
8.2 HIGH

An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.

Jun 24, 2025
CVE-2025-2962
7.5 HIGH

A denial-of-service issue in the dns implemenation could cause an infinite loop.

Jun 24, 2025
CVE-2025-41427
8.8 HIGH

WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If …

Jun 24, 2025
CVE-2025-52566
8.6 HIGH

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer …

Jun 24, 2025
CVE-2025-52574
7.5 HIGH

SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. …

Jun 24, 2025
CVE-2025-52560
8.1 HIGH

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs …

Jun 24, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.