CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-20113
7.1 HIGH

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on …

May 21, 2025
CVE-2025-4008
8.8 HIGH KEV

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI …

May 21, 2025
CVE-2025-48207
8.6 HIGH

The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.

May 21, 2025
CVE-2025-48205
8.6 HIGH

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.

May 21, 2025
CVE-2025-48201
8.6 HIGH

The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.

May 21, 2025
CVE-2025-27998
8.4 HIGH

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL.

May 21, 2025
CVE-2025-27997
8.4 HIGH

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory.

May 21, 2025
CVE-2024-56429
7.7 HIGH

itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.

May 21, 2025
CVE-2025-48416
8.1 HIGH

An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. …

May 21, 2025
CVE-2025-40775
7.5 HIGH

When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm …

May 21, 2025
CVE-2025-4803
7.2 HIGH

The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and …

May 21, 2025
CVE-2025-48413
7.7 HIGH

The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is …

May 21, 2025
CVE-2025-1712
8.8 HIGH

Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files

May 21, 2025
CVE-2019-16536
8.8 HIGH

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.

May 21, 2025
CVE-2021-25255
7.5 HIGH

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.

May 21, 2025
CVE-2025-5008
7.3 HIGH

A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality …

May 20, 2025
CVE-2025-5006
7.3 HIGH

A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/category.php. …

May 20, 2025
CVE-2025-5004
7.3 HIGH

A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. …

May 20, 2025
CVE-2025-5003
7.3 HIGH

A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /semester_ajax.php. …

May 20, 2025
CVE-2025-5002
7.3 HIGH

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. …

May 20, 2025
CVE-2025-48391
7.7 HIGH

In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API

May 20, 2025
CVE-2025-37991
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash …

May 20, 2025
CVE-2025-22157
8.8 HIGH

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, …

May 20, 2025
CVE-2025-37981
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Use is_kdump_kernel() to check for kdump The smartpqi driver checks the reset_devices variable …

May 20, 2025
CVE-2025-37979
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: …

May 20, 2025
CVE-2025-37975
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows rel[j] to access one element …

May 20, 2025
CVE-2025-37973
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element defragmentation …

May 20, 2025
CVE-2025-48018
7.5 HIGH

An authenticated user can modify application state data.

May 20, 2025
CVE-2025-48014
7.5 HIGH

Password guessing limits could be bypassed when using LDAP authentication.

May 20, 2025
CVE-2025-37957
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f ("KVM: x86: forcibly …

May 20, 2025
CVE-2025-37952
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file …

May 20, 2025
CVE-2025-37947
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write …

May 20, 2025
CVE-2025-37946
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: …

May 20, 2025
CVE-2025-37944
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the …

May 20, 2025
CVE-2025-37943
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets …

May 20, 2025
CVE-2025-37934
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Actually check if the passed pointers are valid, …

May 20, 2025
CVE-2025-37928
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and …

May 20, 2025
CVE-2025-37927
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which …

May 20, 2025
CVE-2025-37926
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_session_rpc_open A UAF issue can occur due to a race condition …

May 20, 2025
CVE-2025-37923
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: ================================================================== BUG: KASAN: slab-out-of-bounds in …

May 20, 2025
CVE-2025-37921
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: vxlan: vnifilter: Fix unlocked deletion of default FDB entry When a VNI is deleted from …

May 20, 2025
CVE-2025-37916
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: pds_core: remove write-after-free of client_id A use-after-free error popped up in stress testing: [Mon Apr …

May 20, 2025
CVE-2025-37915
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described …

May 20, 2025
CVE-2025-37914
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described …

May 20, 2025
CVE-2025-37913
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net_sched: qfq: Fix double list add in class with netem as child qdisc As described …

May 20, 2025
CVE-2025-37908
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab->obj_exts always When memory allocation profiling is disabled at runtime or …

May 20, 2025
CVE-2025-37903
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects …

May 20, 2025
CVE-2025-37899
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by …

May 20, 2025
CVE-2025-41225
8.8 HIGH

The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this …

May 20, 2025
CVE-2025-26086
7.5 HIGH

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely …

May 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.