CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-13962
7.8 HIGH

Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers …

May 9, 2025
CVE-2024-13961
7.8 HIGH

Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges …

May 9, 2025
CVE-2024-13960
7.8 HIGH

Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges …

May 9, 2025
CVE-2024-13959
7.8 HIGH

Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in …

May 9, 2025
CVE-2024-13944
7.8 HIGH

Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges …

May 9, 2025
CVE-2024-13759
7.8 HIGH

Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion

May 9, 2025
CVE-2025-4206
7.2 HIGH

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to …

May 9, 2025
CVE-2025-3528
8.2 HIGH

A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the …

May 9, 2025
CVE-2025-4468
7.3 HIGH

A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been rated as critical. This issue affects some unknown processing of the …

May 9, 2025
CVE-2025-4467
7.3 HIGH

A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file …

May 9, 2025
CVE-2025-3455
8.8 HIGH

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to …

May 9, 2025
CVE-2025-37885
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE …

May 9, 2025
CVE-2025-37882
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points …

May 9, 2025
CVE-2025-37879
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the …

May 9, 2025
CVE-2025-37869
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xe_migrate_clear The intent of the error path …

May 9, 2025
CVE-2025-37861
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task …

May 9, 2025
CVE-2025-37854
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset crash issue If HW scheduler hangs and mode1 reset is used …

May 9, 2025
CVE-2025-37849
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the …

May 9, 2025
CVE-2025-37846
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is …

May 9, 2025
CVE-2025-37845
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tracing: fprobe events: Fix possible UAF on modules Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of …

May 9, 2025
CVE-2025-37840
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: fix PM resume warning Fixed warning on PM resume as shown below …

May 9, 2025
CVE-2025-37839
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: jbd2: remove wrong sb->s_sequence check Journal emptiness is not determined by sb->s_sequence == 0 but …

May 9, 2025
CVE-2025-4466
7.3 HIGH

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=save_payment. …

May 9, 2025
CVE-2025-4465
7.3 HIGH

A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

May 9, 2025
CVE-2025-4464
7.3 HIGH

A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

May 9, 2025
CVE-2025-4463
7.3 HIGH

A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_package. The …

May 9, 2025
CVE-2025-4462
8.8 HIGH

A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The …

May 9, 2025
CVE-2025-4457
7.3 HIGH

A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file …

May 9, 2025
CVE-2025-4456
7.3 HIGH

A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The …

May 9, 2025
CVE-2025-3713
7.5 HIGH

The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit …

May 9, 2025
CVE-2025-3712
7.5 HIGH

The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit …

May 9, 2025
CVE-2025-4455
7.0 HIGH

A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing …

May 9, 2025
CVE-2025-4452
8.8 HIGH

A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument …

May 9, 2025
CVE-2025-4451
8.8 HIGH

A vulnerability has been found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this vulnerability is the function formSetWAN_Wizard52. The manipulation of the …

May 9, 2025
CVE-2025-4450
8.8 HIGH

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.04B04. Affected is the function formSetEasy_Wizard. The manipulation of the argument curTime leads …

May 9, 2025
CVE-2025-4449
8.8 HIGH

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.04B04. This issue affects the function formEasySetupWizard3. The manipulation of the argument …

May 9, 2025
CVE-2025-4448
8.8 HIGH

A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to …

May 9, 2025
CVE-2025-4446
8.0 HIGH

A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. …

May 9, 2025
CVE-2025-4442
8.8 HIGH

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument …

May 9, 2025
CVE-2025-4441
8.8 HIGH

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime …

May 8, 2025
CVE-2025-4440
8.0 HIGH

A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Affected by this issue is the function EnableIpv6 of the file …

May 8, 2025
CVE-2025-47732
8.7 HIGH

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.

May 8, 2025
CVE-2025-33072
8.1 HIGH

Improper access control in Azure allows an unauthorized attacker to disclose information over a network.

May 8, 2025
CVE-2025-27720
7.4 HIGH

The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.

May 8, 2025
CVE-2025-27578
7.5 HIGH

Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory …

May 8, 2025
CVE-2025-1331
7.8 HIGH

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system …

May 8, 2025
CVE-2025-1330
7.8 HIGH

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system …

May 8, 2025
CVE-2025-1329
7.8 HIGH

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system …

May 8, 2025
CVE-2024-9448
7.5 HIGH

On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they …

May 8, 2025
CVE-2024-8100
8.7 HIGH

On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

May 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.