CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-21485
7.8 HIGH

Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.

Jun 3, 2025
CVE-2025-21480
8.6 HIGH KEV

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Jun 3, 2025
CVE-2025-21463
7.5 HIGH

Transient DOS while processing the EHT operation IE in the received beacon frame.

Jun 3, 2025
CVE-2024-53026
8.2 HIGH

Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.

Jun 3, 2025
CVE-2024-53021
8.2 HIGH

Information disclosure may occur while processing goodbye RTCP packet from network.

Jun 3, 2025
CVE-2024-53020
8.2 HIGH

Information disclosure may occur while decoding the RTP packet with invalid header extension from network.

Jun 3, 2025
CVE-2024-53019
8.2 HIGH

Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.

Jun 3, 2025
CVE-2024-53010
7.8 HIGH

Memory corruption may occur while attaching VM when the HLOS retains access to VM.

Jun 3, 2025
CVE-2025-4224
7.2 HIGH

The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and …

Jun 3, 2025
CVE-2025-5419
8.8 HIGH KEV

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a …

Jun 3, 2025
CVE-2025-5068
8.8 HIGH

Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jun 3, 2025
CVE-2025-23105
7.8 HIGH

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.

Jun 2, 2025
CVE-2025-1051
8.8 HIGH

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. …

Jun 2, 2025
CVE-2025-27956
7.5 HIGH

Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.

Jun 2, 2025
CVE-2025-20298
8.0 HIGH

In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result …

Jun 2, 2025
CVE-2025-5036
7.8 HIGH

A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to …

Jun 2, 2025
CVE-2025-48940
7.2 HIGH

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to …

Jun 2, 2025
CVE-2025-48866
7.5 HIGH

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of …

Jun 2, 2025
CVE-2025-45542
7.3 HIGH

SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL …

Jun 2, 2025
CVE-2024-57459
7.3 HIGH

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an …

Jun 2, 2025
CVE-2024-54028
8.4 HIGH

An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory …

Jun 2, 2025
CVE-2024-52035
8.4 HIGH

An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to …

Jun 2, 2025
CVE-2024-48877
8.4 HIGH

A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead …

Jun 2, 2025
CVE-2025-37091
7.2 HIGH

A command injection remote code execution vulnerability exists in HPE StoreOnce Software.

Jun 2, 2025
CVE-2024-57783
8.1 HIGH

The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with …

Jun 2, 2025
CVE-2025-26396
7.8 HIGH

The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a …

Jun 2, 2025
CVE-2024-12168
7.8 HIGH

Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.

Jun 2, 2025
CVE-2025-48957
7.5 HIGH

AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, …

Jun 2, 2025
CVE-2025-29785
7.5 HIGH

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release …

Jun 2, 2025
CVE-2025-1246
7.8 HIGH

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, …

Jun 2, 2025
CVE-2025-0819
7.8 HIGH

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel …

Jun 2, 2025
CVE-2025-0073
7.8 HIGH

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user …

Jun 2, 2025
CVE-2025-3260
8.3 HIGH

A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). …

Jun 2, 2025
CVE-2025-5435
7.3 HIGH

A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The …

Jun 2, 2025
CVE-2025-0358
8.8 HIGH

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege …

Jun 2, 2025
CVE-2025-5434
7.3 HIGH

A vulnerability was found in Aem Solutions CMS up to 1.0. It has been classified as critical. This affects an unknown part of the file …

Jun 2, 2025
CVE-2025-25179
7.8 HIGH

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.

Jun 2, 2025
CVE-2024-11857
7.8 HIGH

Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as …

Jun 2, 2025
CVE-2025-5409
7.3 HIGH

A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file …

Jun 1, 2025
CVE-2025-5402
7.3 HIGH

A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of …

Jun 1, 2025
CVE-2025-5401
7.3 HIGH

A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of …

Jun 1, 2025
CVE-2025-5400
7.3 HIGH

A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been classified as critical. Affected is an unknown function of the file /user.php …

Jun 1, 2025
CVE-2025-5376
7.3 HIGH

A vulnerability was found in SourceCodester Health Center Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an …

May 31, 2025
CVE-2025-4857
7.2 HIGH

The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes …

May 31, 2025
CVE-2025-5371
7.3 HIGH

A vulnerability, which was classified as critical, has been found in SourceCodester Health Center Patient Record Management System 1.0. Affected by this issue is some …

May 31, 2025
CVE-2025-4672
8.8 HIGH

The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to …

May 31, 2025
CVE-2025-4103
8.8 HIGH

The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. …

May 31, 2025
CVE-2025-5370
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The …

May 31, 2025
CVE-2025-5369
7.3 HIGH

A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown function of the file /login.php. …

May 31, 2025
CVE-2025-5367
7.3 HIGH

A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file …

May 31, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.