CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-5365
7.3 HIGH

A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file …

May 31, 2025
CVE-2025-5364
7.3 HIGH

A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …

May 30, 2025
CVE-2025-5363
7.3 HIGH

A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of …

May 30, 2025
CVE-2025-5362
7.3 HIGH

A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/doctor-specilization.php. …

May 30, 2025
CVE-2025-5361
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0. This issue affects some unknown processing of the …

May 30, 2025
CVE-2025-5360
7.3 HIGH

A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /book-appointment.php. The manipulation …

May 30, 2025
CVE-2025-2503
7.1 HIGH

An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated …

May 30, 2025
CVE-2025-2502
7.8 HIGH

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

May 30, 2025
CVE-2025-2501
7.8 HIGH

An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

May 30, 2025
CVE-2025-5359
7.3 HIGH

A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /appointment-history.php. The …

May 30, 2025
CVE-2025-5358
7.3 HIGH

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality …

May 30, 2025
CVE-2025-5357
7.3 HIGH

A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the …

May 30, 2025
CVE-2025-5356
7.3 HIGH

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component BYE Command …

May 30, 2025
CVE-2025-4992
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker …

May 30, 2025
CVE-2025-4991
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to …

May 30, 2025
CVE-2025-4990
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute …

May 30, 2025
CVE-2025-4989
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary …

May 30, 2025
CVE-2025-4988
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to …

May 30, 2025
CVE-2025-4986
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute …

May 30, 2025
CVE-2025-4985
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to …

May 30, 2025
CVE-2025-4984
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code …

May 30, 2025
CVE-2025-4983
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code …

May 30, 2025
CVE-2025-0602
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute …

May 30, 2025
CVE-2025-48331
7.5 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-customers-exporter allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Orders …

May 30, 2025
CVE-2025-4433
8.8 HIGH

Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" …

May 30, 2025
CVE-2025-2500
7.4 HIGH

A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to …

May 30, 2025
CVE-2025-5190
8.8 HIGH

The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking …

May 30, 2025
CVE-2025-1763
8.7 HIGH

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, …

May 30, 2025
CVE-2025-4636
7.8 HIGH

Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would …

May 30, 2025
CVE-2025-48936
8.1 HIGH

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the …

May 30, 2025
CVE-2025-48492
8.8 HIGH

GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject …

May 30, 2025
CVE-2025-47697
7.5 HIGH

Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device …

May 30, 2025
CVE-2025-41385
7.2 HIGH

An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a …

May 30, 2025
CVE-2025-48881
8.3 HIGH

Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management …

May 30, 2025
CVE-2025-41235
8.6 HIGH

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.

May 30, 2025
CVE-2025-48477
8.1 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence …

May 30, 2025
CVE-2025-48476
8.8 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there …

May 30, 2025
CVE-2025-44906
7.8 HIGH

jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.

May 30, 2025
CVE-2025-44905
8.8 HIGH

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.

May 30, 2025
CVE-2025-44904
8.8 HIGH

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.

May 30, 2025
CVE-2025-44614
7.5 HIGH

Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.

May 30, 2025
CVE-2024-12224
8.8 HIGH

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part …

May 30, 2025
CVE-2025-5332
7.3 HIGH

A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. …

May 29, 2025
CVE-2025-5331
7.3 HIGH

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. …

May 29, 2025
CVE-2025-5330
7.3 HIGH

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. …

May 29, 2025
CVE-2025-5307
7.8 HIGH

Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary …

May 29, 2025
CVE-2025-31189
8.2 HIGH

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app …

May 29, 2025
CVE-2024-54952
7.5 HIGH

MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a …

May 29, 2025
CVE-2025-46701
7.3 HIGH

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of …

May 29, 2025
CVE-2025-48475
8.1 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of …

May 29, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.