CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-7435
3.5 LOW

A vulnerability was found in LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4. It has been classified as problematic. This affects an unknown part of the file …

Jul 11, 2025
CVE-2025-49462
3.5 LOW

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

Jul 10, 2025
CVE-2025-27889
3.4 LOW

Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If …

Jul 10, 2025
CVE-2025-7408
3.5 LOW

A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The …

Jul 10, 2025
CVE-2025-27613
3.6 LOW

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, …

Jul 10, 2025
CVE-2025-6168
2.7 LOW

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers …

Jul 10, 2025
CVE-2025-4972
2.7 LOW

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users …

Jul 10, 2025
CVE-2023-50458
3.5 LOW

In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.

Jul 10, 2025
CVE-2025-7215
1.6 LOW

A vulnerability, which was classified as problematic, has been found in FNKvision FNK-GU2 up to 40.1.7. Affected by this issue is some unknown functionality of …

Jul 9, 2025
CVE-2025-7214
1.6 LOW

A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow …

Jul 9, 2025
CVE-2025-7209
3.3 LOW

A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the …

Jul 9, 2025
CVE-2025-7207
3.3 LOW

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the …

Jul 9, 2025
CVE-2025-49546
2.4 LOW

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged …

Jul 8, 2025
CVE-2025-49760
3.5 LOW

External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.

Jul 8, 2025
CVE-2025-49756
3.3 LOW

Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.

Jul 8, 2025
CVE-2025-49731
3.1 LOW

Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.

Jul 8, 2025
CVE-2024-36349
3.8 LOW

A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting …

Jul 8, 2025
CVE-2024-36348
3.8 LOW

A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, …

Jul 8, 2025
CVE-2025-24474
2.7 LOW

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all …

Jul 8, 2025
CVE-2025-42978
3.5 LOW

The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for …

Jul 8, 2025
CVE-2025-42954
2.7 LOW

SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any …

Jul 8, 2025
CVE-2025-7153
3.5 LOW

A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file …

Jul 8, 2025
CVE-2025-7148
3.5 LOW

A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the …

Jul 7, 2025
CVE-2025-7144
2.4 LOW

A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /panel/admin-profile.php …

Jul 7, 2025
CVE-2025-7143
2.4 LOW

A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/edit-tax.php …

Jul 7, 2025
CVE-2025-7142
2.4 LOW

A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality …

Jul 7, 2025
CVE-2025-7141
2.4 LOW

A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file …

Jul 7, 2025
CVE-2025-7140
2.4 LOW

A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of …

Jul 7, 2025
CVE-2025-7139
2.4 LOW

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the …

Jul 7, 2025
CVE-2025-20325
3.1 LOW

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the …

Jul 7, 2025
CVE-2025-3777
3.5 LOW

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL …

Jul 7, 2025
CVE-2025-7113
3.5 LOW

A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the …

Jul 7, 2025
CVE-2025-7112
3.5 LOW

A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component …

Jul 7, 2025
CVE-2025-7111
3.5 LOW

A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the component …

Jul 7, 2025
CVE-2025-7110
3.5 LOW

A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component …

Jul 7, 2025
CVE-2025-7109
3.5 LOW

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file …

Jul 7, 2025
CVE-2025-53177
3.9 LOW

Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches.

Jul 7, 2025
CVE-2025-53176
3.3 LOW

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Jul 7, 2025
CVE-2025-7095
3.7 LOW

A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The …

Jul 6, 2025
CVE-2025-7080
3.7 LOW

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of …

Jul 6, 2025
CVE-2025-7079
3.7 LOW

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file …

Jul 6, 2025
CVE-2025-7069
3.3 LOW

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to …

Jul 4, 2025
CVE-2025-7068
3.3 LOW

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation …

Jul 4, 2025
CVE-2025-7067
3.3 LOW

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based …

Jul 4, 2025
CVE-2025-7061
2.7 LOW

A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. …

Jul 4, 2025
CVE-2025-7053
3.5 LOW

A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. …

Jul 4, 2025
CVE-2025-49005
3.7 LOW

Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to …

Jul 3, 2025
CVE-2025-6943
3.8 LOW

Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.

Jul 2, 2025
CVE-2025-6942
3.8 LOW

The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow …

Jul 2, 2025
CVE-2025-53492
3.7 LOW

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects …

Jul 2, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.