CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-47726
7.3 HIGH

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Jun 4, 2025
CVE-2025-47725
7.3 HIGH

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Jun 4, 2025
CVE-2025-47724
7.3 HIGH

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Jun 4, 2025
CVE-2024-13967
8.8 HIGH

This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue …

Jun 4, 2025
CVE-2025-5575
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file /add-product.php. The …

Jun 4, 2025
CVE-2025-5574
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file /add-company.php. …

Jun 4, 2025
CVE-2025-5572
8.8 HIGH

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file …

Jun 4, 2025
CVE-2025-5562
7.3 HIGH

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality …

Jun 4, 2025
CVE-2025-5561
7.3 HIGH

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality …

Jun 4, 2025
CVE-2024-31127
7.3 HIGH

An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges.

Jun 4, 2025
CVE-2025-5560
7.3 HIGH

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been classified as critical. Affected is an unknown function of the file …

Jun 4, 2025
CVE-2025-5553
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file …

Jun 4, 2025
CVE-2025-5551
7.3 HIGH

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command …

Jun 4, 2025
CVE-2025-5550
7.3 HIGH

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component PBSZ …

Jun 4, 2025
CVE-2025-5549
7.3 HIGH

A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component …

Jun 4, 2025
CVE-2025-5548
7.3 HIGH

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. …

Jun 4, 2025
CVE-2025-5547
7.3 HIGH

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component CDUP …

Jun 4, 2025
CVE-2025-5527
8.8 HIGH

A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The …

Jun 3, 2025
CVE-2025-48999
8.8 HIGH

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious …

Jun 3, 2025
CVE-2025-35036
7.3 HIGH

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression …

Jun 3, 2025
CVE-2025-23100
7.5 HIGH

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of …

Jun 3, 2025
CVE-2025-23098
7.8 HIGH

An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege …

Jun 3, 2025
CVE-2025-5522
7.3 HIGH

A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown …

Jun 3, 2025
CVE-2025-48998
8.8 HIGH

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users …

Jun 3, 2025
CVE-2025-48950
8.8 HIGH

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such …

Jun 3, 2025
CVE-2025-23102
8.8 HIGH

An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380, 1480 and 2400. A Double Free in the mobile …

Jun 3, 2025
CVE-2025-5512
7.3 HIGH

A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of …

Jun 3, 2025
CVE-2025-30167
7.3 HIGH

Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared …

Jun 3, 2025
CVE-2025-23107
8.6 HIGH

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Jun 3, 2025
CVE-2025-25021
7.2 HIGH

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management …

Jun 3, 2025
CVE-2025-23103
8.6 HIGH

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Jun 3, 2025
CVE-2025-5503
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of …

Jun 3, 2025
CVE-2025-36564
7.8 HIGH

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to …

Jun 3, 2025
CVE-2025-5499
7.3 HIGH

A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation …

Jun 3, 2025
CVE-2025-46154
8.4 HIGH

Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php.

Jun 3, 2025
CVE-2025-5495
7.3 HIGH

A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The …

Jun 3, 2025
CVE-2025-4435
7.5 HIGH

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. …

Jun 3, 2025
CVE-2025-4330
7.5 HIGH

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are …

Jun 3, 2025
CVE-2025-4138
7.5 HIGH

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are …

Jun 3, 2025
CVE-2025-4392
7.2 HIGH

The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads …

Jun 3, 2025
CVE-2025-31359
8.8 HIGH

A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by …

Jun 3, 2025
CVE-2024-54189
7.8 HIGH

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine …

Jun 3, 2025
CVE-2024-52561
7.8 HIGH

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine …

Jun 3, 2025
CVE-2024-36486
7.8 HIGH

A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine …

Jun 3, 2025
CVE-2025-46355
7.3 HIGH

Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where …

Jun 3, 2025
CVE-2025-21479
8.6 HIGH KEV

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Jun 3, 2025
CVE-2025-27038
7.5 HIGH KEV

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Jun 3, 2025
CVE-2025-27031
7.8 HIGH

memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.

Jun 3, 2025
CVE-2025-27029
7.5 HIGH

Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.

Jun 3, 2025
CVE-2025-21486
7.8 HIGH

Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.

Jun 3, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.