CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-49182
7.5 HIGH

Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to …

Jun 12, 2025
CVE-2025-49181
8.6 HIGH

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP …

Jun 12, 2025
CVE-2025-6021
7.5 HIGH

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can …

Jun 12, 2025
CVE-2025-0673
7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker …

Jun 12, 2025
CVE-2025-4278
8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page …

Jun 12, 2025
CVE-2025-2254
8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding …

Jun 12, 2025
CVE-2025-4613
8.8 HIGH

Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into …

Jun 12, 2025
CVE-2025-5012
8.8 HIGH

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type …

Jun 12, 2025
CVE-2025-35978
7.1 HIGH

Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local …

Jun 12, 2025
CVE-2025-25032
7.5 HIGH

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service …

Jun 11, 2025
CVE-2025-6002
7.2 HIGH

An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable …

Jun 11, 2025
CVE-2025-6001
8.3 HIGH

A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able …

Jun 11, 2025
CVE-2025-40915
7.0 HIGH

Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of …

Jun 11, 2025
CVE-2025-22874
7.5 HIGH

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

Jun 11, 2025
CVE-2025-49148
7.3 HIGH

ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and …

Jun 11, 2025
CVE-2025-49146
8.2 HIGH

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to …

Jun 11, 2025
CVE-2025-48447
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS).This issue affects Lightgallery: from 0.0.0 before 1.6.0.

Jun 11, 2025
CVE-2025-48446
8.8 HIGH

Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.

Jun 11, 2025
CVE-2025-48445
8.8 HIGH

Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.

Jun 11, 2025
CVE-2025-4922
8.1 HIGH

Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed …

Jun 11, 2025
CVE-2025-5687
7.8 HIGH

A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other …

Jun 11, 2025
CVE-2025-3302
7.2 HIGH

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, …

Jun 11, 2025
CVE-2025-4315
8.8 HIGH

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is …

Jun 11, 2025
CVE-2025-41661
8.8 HIGH

An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.

Jun 11, 2025
CVE-2025-5395
8.8 HIGH

The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all …

Jun 11, 2025
CVE-2025-4799
7.2 HIGH

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from …

Jun 11, 2025
CVE-2024-1243
7.2 HIGH

Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key …

Jun 11, 2025
CVE-2025-5959
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 11, 2025
CVE-2025-5958
8.8 HIGH

Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jun 11, 2025
CVE-2025-4275
7.8 HIGH

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a …

Jun 11, 2025
CVE-2025-49091
8.2 HIGH

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or …

Jun 11, 2025
CVE-2025-32717
8.4 HIGH

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Jun 11, 2025
CVE-2024-9062
7.8 HIGH

The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. …

Jun 11, 2025
CVE-2024-7457
7.8 HIGH

The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes …

Jun 11, 2025
CVE-2025-5985
7.3 HIGH

A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation …

Jun 10, 2025
CVE-2025-47849
8.8 HIGH

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the …

Jun 10, 2025
CVE-2025-47713
8.8 HIGH

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the …

Jun 10, 2025
CVE-2025-46840
8.7 HIGH

Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low privileged attacker could …

Jun 10, 2025
CVE-2025-46837
8.7 HIGH

Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Jun 10, 2025
CVE-2025-26521
8.1 HIGH

When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of …

Jun 10, 2025
CVE-2025-5980
7.3 HIGH

A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. This vulnerability affects unknown code of the file /order.php. The manipulation of …

Jun 10, 2025
CVE-2025-5979
7.3 HIGH

A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The …

Jun 10, 2025
CVE-2025-5978
8.8 HIGH

A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation …

Jun 10, 2025
CVE-2025-35940
8.1 HIGH

The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected …

Jun 10, 2025
CVE-2025-5977
7.3 HIGH

A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /datatable.php. …

Jun 10, 2025
CVE-2025-3052
8.2 HIGH

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading …

Jun 10, 2025
CVE-2025-47107
7.8 HIGH

InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jun 10, 2025
CVE-2025-43577
7.8 HIGH

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the …

Jun 10, 2025
CVE-2025-43576
7.8 HIGH

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the …

Jun 10, 2025
CVE-2025-43575
7.8 HIGH

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context …

Jun 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.