CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-32718
7.8 HIGH

Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.

Jun 10, 2025
CVE-2025-32716
7.8 HIGH

Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.

Jun 10, 2025
CVE-2025-32714
7.8 HIGH

Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.

Jun 10, 2025
CVE-2025-32713
7.8 HIGH

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Jun 10, 2025
CVE-2025-32712
7.8 HIGH

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Jun 10, 2025
CVE-2025-32710
8.1 HIGH

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

Jun 10, 2025
CVE-2025-31104
7.2 HIGH

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 …

Jun 10, 2025
CVE-2025-30317
7.8 HIGH

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 10, 2025
CVE-2025-29828
8.1 HIGH

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.

Jun 10, 2025
CVE-2024-43706
7.6 HIGH

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.

Jun 10, 2025
CVE-2023-20599
7.9 HIGH

Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in …

Jun 10, 2025
CVE-2025-49142
7.1 HIGH

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially …

Jun 10, 2025
CVE-2025-47110
8.4 HIGH

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a …

Jun 10, 2025
CVE-2025-44044
7.5 HIGH

Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into parsing maliciously crafted …

Jun 10, 2025
CVE-2025-43586
8.1 HIGH

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A …

Jun 10, 2025
CVE-2025-43585
8.2 HIGH

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. …

Jun 10, 2025
CVE-2025-40591
7.7 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions …

Jun 10, 2025
CVE-2025-5353
8.8 HIGH

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.

Jun 10, 2025
CVE-2025-5335
7.8 HIGH

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in …

Jun 10, 2025
CVE-2025-46612
7.2 HIGH

The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To …

Jun 10, 2025
CVE-2025-37100
7.7 HIGH

A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow …

Jun 10, 2025
CVE-2025-30145
7.5 HIGH

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as …

Jun 10, 2025
CVE-2025-26395
7.1 HIGH

SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an …

Jun 10, 2025
CVE-2025-22463
7.3 HIGH

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.

Jun 10, 2025
CVE-2025-22455
8.8 HIGH

A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.

Jun 10, 2025
CVE-2024-29198
7.5 HIGH

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side …

Jun 10, 2025
CVE-2025-49511
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through <= 2.1.6.

Jun 10, 2025
CVE-2025-49454
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue …

Jun 10, 2025
CVE-2025-43701
7.5 HIGH

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254.

Jun 10, 2025
CVE-2025-43700
7.5 HIGH

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.

Jun 10, 2025
CVE-2025-43697
7.5 HIGH

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025

Jun 10, 2025
CVE-2024-13090
7.0 HIGH

A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, …

Jun 10, 2025
CVE-2024-13089
7.2 HIGH

An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may …

Jun 10, 2025
CVE-2025-40662
7.5 HIGH

Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.

Jun 10, 2025
CVE-2025-40661
7.5 HIGH

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting …

Jun 10, 2025
CVE-2025-40660
7.5 HIGH

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting …

Jun 10, 2025
CVE-2025-40659
7.5 HIGH

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting …

Jun 10, 2025
CVE-2025-40658
7.5 HIGH

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting …

Jun 10, 2025
CVE-2025-5740
7.2 HIGH

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on …

Jun 10, 2025
CVE-2025-27819
7.5 HIGH

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is …

Jun 10, 2025
CVE-2025-27818
8.8 HIGH

A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and …

Jun 10, 2025
CVE-2025-27817
7.5 HIGH

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER …

Jun 10, 2025
CVE-2025-4954
8.8 HIGH

The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload …

Jun 10, 2025
CVE-2025-4840
7.5 HIGH

The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action …

Jun 10, 2025
CVE-2025-5952
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file …

Jun 10, 2025
CVE-2025-5934
8.8 HIGH

A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. …

Jun 10, 2025
CVE-2025-5913
7.3 HIGH

A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the …

Jun 10, 2025
CVE-2025-5912
8.8 HIGH

A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST …

Jun 10, 2025
CVE-2025-4601
8.8 HIGH

The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is …

Jun 10, 2025
CVE-2025-4387
8.8 HIGH

The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in …

Jun 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.