CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-45835
7.5 HIGH

A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger …

May 12, 2025
CVE-2025-47270
7.5 HIGH

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross is vulnerable to a …

May 12, 2025
CVE-2025-32390
8.5 HIGH

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement …

May 12, 2025
CVE-2025-3496
7.5 HIGH

An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface.

May 12, 2025
CVE-2025-4561
8.8 HIGH

The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to upload and execute web shell backdoors, thereby enabling …

May 12, 2025
CVE-2025-4554
7.3 HIGH

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. This affects an unknown part of the file …

May 12, 2025
CVE-2025-4553
7.3 HIGH

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …

May 12, 2025
CVE-2025-4550
7.3 HIGH

A vulnerability, which was classified as critical, has been found in PHPGurukul Apartment Visitors Management System 1.0. This issue affects some unknown processing of the …

May 11, 2025
CVE-2025-4549
7.3 HIGH

A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/register-router.php. The manipulation …

May 11, 2025
CVE-2025-4548
7.3 HIGH

A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.php. The …

May 11, 2025
CVE-2025-4543
7.3 HIGH

A vulnerability, which was classified as critical, was found in LyLme Spage 2.1. This affects an unknown part of the file lylme_spage/blob/master/admin/ajax_link.php. The manipulation of …

May 11, 2025
CVE-2025-4540
7.0 HIGH

A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component …

May 11, 2025
CVE-2025-4539
7.0 HIGH

A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the …

May 11, 2025
CVE-2025-4532
7.0 HIGH

A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of …

May 11, 2025
CVE-2025-4525
7.0 HIGH

A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the …

May 10, 2025
CVE-2025-47817
8.8 HIGH

In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter.

May 10, 2025
CVE-2025-4509
7.3 HIGH

A vulnerability, which was classified as critical, has been found in PHPGurukul e-Diary Management System 1.0. This issue affects some unknown processing of the file …

May 10, 2025
CVE-2025-4508
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /my-profile.php. The manipulation of …

May 10, 2025
CVE-2025-4507
7.3 HIGH

A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The …

May 10, 2025
CVE-2025-4506
7.3 HIGH

A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality …

May 10, 2025
CVE-2025-4505
7.3 HIGH

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality …

May 10, 2025
CVE-2025-4504
7.3 HIGH

A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an unknown function of the file …

May 10, 2025
CVE-2023-53145
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, …

May 10, 2025
CVE-2025-4503
7.3 HIGH

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/customer_update.php. …

May 10, 2025
CVE-2025-4502
7.3 HIGH

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/creditor_add.php. …

May 10, 2025
CVE-2025-1752
7.5 HIGH

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due …

May 10, 2025
CVE-2025-3876
8.8 HIGH

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function …

May 10, 2025
CVE-2025-2158
8.8 HIGH

The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up …

May 10, 2025
CVE-2025-4496
8.8 HIGH

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the …

May 10, 2025
CVE-2025-1137
7.5 HIGH

IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.

May 10, 2025
CVE-2025-47424
7.1 HIGH

Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.

May 9, 2025
CVE-2025-4494
7.3 HIGH

A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java of the component …

May 9, 2025
CVE-2025-4492
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Campcodes Online Food Ordering System 1.0. This issue affects some unknown processing of the …

May 9, 2025
CVE-2025-4491
7.3 HIGH

A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation …

May 9, 2025
CVE-2025-4490
7.3 HIGH

A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin.php. The …

May 9, 2025
CVE-2025-4489
7.3 HIGH

A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality …

May 9, 2025
CVE-2025-4447
7.8 HIGH

In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file …

May 9, 2025
CVE-2025-47269
8.3 HIGH

code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result …

May 9, 2025
CVE-2025-4488
7.3 HIGH

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of …

May 9, 2025
CVE-2025-4487
7.3 HIGH

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_member. …

May 9, 2025
CVE-2025-4486
7.3 HIGH

A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_plan. The …

May 9, 2025
CVE-2025-4485
7.3 HIGH

A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=delete_trainer. The …

May 9, 2025
CVE-2025-4484
7.3 HIGH

A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_user. The …

May 9, 2025
CVE-2025-4483
7.3 HIGH

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of …

May 9, 2025
CVE-2025-4482
7.3 HIGH

A vulnerability classified as critical was found in Project Worlds Student Project Allocation System 1.0. Affected by this vulnerability is an unknown functionality of the …

May 9, 2025
CVE-2025-4481
7.3 HIGH

A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the …

May 9, 2025
CVE-2025-29509
8.8 HIGH

Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening …

May 9, 2025
CVE-2025-28203
8.8 HIGH

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability.

May 9, 2025
CVE-2025-28202
8.8 HIGH

Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication.

May 9, 2025
CVE-2024-9524
7.8 HIGH

Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers …

May 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.