CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-13914
7.2 HIGH

The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 …

May 15, 2025
CVE-2025-3053
8.8 HIGH

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, …

May 15, 2025
CVE-2025-4579
7.2 HIGH

The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, …

May 15, 2025
CVE-2024-45067
8.2 HIGH

Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local …

May 14, 2025
CVE-2025-47885
8.8 HIGH

Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting …

May 14, 2025
CVE-2025-44879
7.5 HIGH

WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via …

May 14, 2025
CVE-2025-26783
7.5 HIGH

An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, W1000, Modem 5300, …

May 14, 2025
CVE-2024-55569
7.5 HIGH

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, …

May 14, 2025
CVE-2024-58101
8.1 HIGH

Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As …

May 14, 2025
CVE-2025-2900
7.5 HIGH

IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by …

May 14, 2025
CVE-2025-30663
8.8 HIGH

Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

May 14, 2025
CVE-2025-0130
7.5 HIGH

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of …

May 14, 2025
CVE-2025-47710
7.4 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - …

May 14, 2025
CVE-2025-47708
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for …

May 14, 2025
CVE-2025-47707
7.5 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - …

May 14, 2025
CVE-2025-47701
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before …

May 14, 2025
CVE-2025-40595
7.2 HIGH

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker …

May 14, 2025
CVE-2025-3909
8.1 HIGH

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting …

May 14, 2025
CVE-2025-3875
7.5 HIGH

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, …

May 14, 2025
CVE-2025-26785
7.5 HIGH

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, …

May 14, 2025
CVE-2025-24022
8.5 HIGH

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of …

May 14, 2025
CVE-2025-3600
7.5 HIGH

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a …

May 14, 2025
CVE-2024-54780
8.8 HIGH

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization …

May 14, 2025
CVE-2025-47445
7.5 HIGH

Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.26.

May 14, 2025
CVE-2025-3931
7.8 HIGH

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus …

May 14, 2025
CVE-2025-3834
8.1 HIGH

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.

May 14, 2025
CVE-2025-3833
8.1 HIGH

Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.

May 14, 2025
CVE-2025-26864
7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects …

May 14, 2025
CVE-2025-26795
7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: …

May 14, 2025
CVE-2025-2875
7.5 HIGH

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s …

May 14, 2025
CVE-2025-26646
8.0 HIGH

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over …

May 13, 2025
CVE-2025-43572
7.8 HIGH

Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current …

May 13, 2025
CVE-2025-43571
7.8 HIGH

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

May 13, 2025
CVE-2025-43570
7.8 HIGH

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

May 13, 2025
CVE-2025-43569
7.8 HIGH

Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 13, 2025
CVE-2025-43568
7.8 HIGH

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

May 13, 2025
CVE-2025-43565
8.4 HIGH

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of …

May 13, 2025
CVE-2025-43554
7.8 HIGH

Substance3D - Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 13, 2025
CVE-2025-43553
7.8 HIGH

Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the …

May 13, 2025
CVE-2025-43549
7.8 HIGH

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

May 13, 2025
CVE-2025-43548
7.8 HIGH

Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current …

May 13, 2025
CVE-2025-24308
7.5 HIGH

Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation …

May 13, 2025
CVE-2025-22843
7.8 HIGH

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via …

May 13, 2025
CVE-2025-21094
7.5 HIGH

Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable …

May 13, 2025
CVE-2025-20618
7.9 HIGH

Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service …

May 13, 2025
CVE-2025-20104
7.3 HIGH

Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of …

May 13, 2025
CVE-2025-20101
8.4 HIGH

Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

May 13, 2025
CVE-2025-20100
7.5 HIGH

Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation …

May 13, 2025
CVE-2025-20083
7.5 HIGH

Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access.

May 13, 2025
CVE-2025-20082
7.5 HIGH

Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable …

May 13, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.