CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-24007
7.5 HIGH

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak …

May 13, 2025
CVE-2025-22248
7.5 HIGH

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside …

May 13, 2025
CVE-2024-23815
7.5 HIGH

A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of …

May 13, 2025
CVE-2025-41645
8.6 HIGH

An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.

May 13, 2025
CVE-2025-27696
8.8 HIGH

Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: …

May 13, 2025
CVE-2025-4474
8.8 HIGH

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to …

May 13, 2025
CVE-2025-4473
8.8 HIGH

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to …

May 13, 2025
CVE-2025-4317
8.8 HIGH

The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up …

May 13, 2025
CVE-2025-22249
8.2 HIGH

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a …

May 13, 2025
CVE-2025-4396
7.5 HIGH

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions …

May 13, 2025
CVE-2025-35471
7.3 HIGH

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. …

May 13, 2025
CVE-2025-43011
7.7 HIGH

Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. …

May 13, 2025
CVE-2025-43010
8.3 HIGH

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain …

May 13, 2025
CVE-2025-43000
7.9 HIGH

Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low …

May 13, 2025
CVE-2025-30018
8.6 HIGH

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file …

May 13, 2025
CVE-2025-31259
7.8 HIGH

A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. …

May 12, 2025
CVE-2025-31253
7.1 HIGH

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call …

May 12, 2025
CVE-2025-31249
7.1 HIGH

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user …

May 12, 2025
CVE-2025-31247
7.5 HIGH

A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An attacker …

May 12, 2025
CVE-2025-31246
8.8 HIGH

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting to a malicious AFP server …

May 12, 2025
CVE-2025-31244
8.8 HIGH

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out …

May 12, 2025
CVE-2025-31240
7.5 HIGH

This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. Mounting a maliciously crafted …

May 12, 2025
CVE-2025-31238
7.3 HIGH

The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS …

May 12, 2025
CVE-2025-31237
7.5 HIGH

This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. Mounting a maliciously crafted …

May 12, 2025
CVE-2025-31234
8.2 HIGH

The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. …

May 12, 2025
CVE-2025-31232
7.1 HIGH

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A sandboxed app …

May 12, 2025
CVE-2025-31225
7.1 HIGH

A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may …

May 12, 2025
CVE-2025-31224
7.8 HIGH

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may …

May 12, 2025
CVE-2025-31223
8.0 HIGH

The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS …

May 12, 2025
CVE-2025-31222
7.8 HIGH

A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS …

May 12, 2025
CVE-2025-31221
7.5 HIGH

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS …

May 12, 2025
CVE-2025-31219
7.1 HIGH

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma …

May 12, 2025
CVE-2025-31214
8.1 HIGH

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position …

May 12, 2025
CVE-2025-31213
7.6 HIGH

A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. …

May 12, 2025
CVE-2025-31208
7.5 HIGH

The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, …

May 12, 2025
CVE-2025-31207
7.7 HIGH

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate …

May 12, 2025
CVE-2025-31204
8.8 HIGH

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, …

May 12, 2025
CVE-2025-30453
7.8 HIGH

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app …

May 12, 2025
CVE-2025-30442
7.8 HIGH

The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may …

May 12, 2025
CVE-2025-24274
7.8 HIGH

An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. …

May 12, 2025
CVE-2025-24258
7.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may …

May 12, 2025
CVE-2025-24223
8.0 HIGH

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, …

May 12, 2025
CVE-2025-1079
7.8 HIGH

Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature

May 12, 2025
CVE-2024-4982
7.6 HIGH

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the …

May 12, 2025
CVE-2024-4981
7.6 HIGH

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show …

May 12, 2025
CVE-2025-46740
7.5 HIGH

An authenticated user without user administrative permissions could change the administrator Account Name.

May 12, 2025
CVE-2025-46739
8.1 HIGH

An unauthenticated user could discover account credentials via a brute-force attack without rate limiting

May 12, 2025
CVE-2025-3632
7.5 HIGH

IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due …

May 12, 2025
CVE-2025-46737
7.4 HIGH

SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes …

May 12, 2025
CVE-2025-46610
8.8 HIGH

ARTEC EMA Mail 6.92 allows CSRF.

May 12, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.