CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-0856
7.3 HIGH

The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions …

May 6, 2025
CVE-2025-4372
8.8 HIGH

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

May 6, 2025
CVE-2025-0853
7.5 HIGH

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'save_header_builder' function in all versions up to, and …

May 6, 2025
CVE-2025-0649
7.5 HIGH

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.

May 6, 2025
CVE-2025-46820
7.1 HIGH

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow …

May 6, 2025
CVE-2025-46815
8.0 HIGH

The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for …

May 6, 2025
CVE-2025-30165
8.0 HIGH

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some …

May 6, 2025
CVE-2025-4368
8.8 HIGH

A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of …

May 6, 2025
CVE-2025-4363
7.3 HIGH

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. This issue affects some unknown processing of the file …

May 6, 2025
CVE-2025-22478
8.1 HIGH

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network …

May 6, 2025
CVE-2025-22477
8.3 HIGH

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this …

May 6, 2025
CVE-2025-4362
7.3 HIGH

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_membership. The manipulation of …

May 6, 2025
CVE-2025-4361
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. This affects an unknown part of the file /department.php. The …

May 6, 2025
CVE-2025-4360
7.3 HIGH

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of …

May 6, 2025
CVE-2025-2898
7.5 HIGH

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in …

May 6, 2025
CVE-2025-4359
7.3 HIGH

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_member. …

May 6, 2025
CVE-2025-4358
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The …

May 6, 2025
CVE-2025-4356
8.8 HIGH

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of …

May 6, 2025
CVE-2025-4355
8.8 HIGH

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation …

May 6, 2025
CVE-2025-4354
8.8 HIGH

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue is the function check_dws_cookie of the file /storage. The …

May 6, 2025
CVE-2025-4350
8.8 HIGH

A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host …

May 6, 2025
CVE-2025-4349
8.8 HIGH

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host …

May 6, 2025
CVE-2025-0984
8.2 HIGH

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows …

May 6, 2025
CVE-2025-4348
8.8 HIGH

A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The …

May 6, 2025
CVE-2025-4347
8.8 HIGH

A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The …

May 6, 2025
CVE-2025-4346
8.8 HIGH

A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the …

May 6, 2025
CVE-2025-4345
8.8 HIGH

A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument …

May 6, 2025
CVE-2025-4344
8.8 HIGH

A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument …

May 6, 2025
CVE-2025-46762
8.1 HIGH

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix …

May 6, 2025
CVE-2025-2011
7.5 HIGH

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, …

May 6, 2025
CVE-2025-4343
8.8 HIGH

A vulnerability has been found in D-Link DIR-600L up to 2.07B01 and classified as critical. This vulnerability affects the function formEasySetupWizard. The manipulation of the …

May 6, 2025
CVE-2025-4342
8.8 HIGH

A vulnerability, which was classified as critical, has been found in D-Link DIR-600L up to 2.07B01. Affected by this issue is the function formEasySetupWizard3. The …

May 6, 2025
CVE-2025-21475
7.8 HIGH

Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.

May 6, 2025
CVE-2025-21470
7.8 HIGH

Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.

May 6, 2025
CVE-2025-21469
7.8 HIGH

Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.

May 6, 2025
CVE-2025-21468
7.8 HIGH

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at …

May 6, 2025
CVE-2025-21467
7.8 HIGH

Memory corruption while reading the FW response from the shared queue.

May 6, 2025
CVE-2025-21462
7.8 HIGH

Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.

May 6, 2025
CVE-2025-21460
7.8 HIGH

Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.

May 6, 2025
CVE-2025-21459
7.5 HIGH

Transient DOS while parsing per STA profile in ML IE.

May 6, 2025
CVE-2025-21453
7.8 HIGH

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

May 6, 2025
CVE-2024-49847
7.5 HIGH

Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.

May 6, 2025
CVE-2024-49846
8.2 HIGH

Memory corruption while decoding of OTA messages from T3448 IE.

May 6, 2025
CVE-2024-49845
7.8 HIGH

Memory corruption during the FRS UDS generation process.

May 6, 2025
CVE-2024-49844
7.8 HIGH

Memory corruption while triggering commands in the PlayReady Trusted application.

May 6, 2025
CVE-2024-49842
7.8 HIGH

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

May 6, 2025
CVE-2024-49841
7.8 HIGH

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

May 6, 2025
CVE-2024-49835
7.8 HIGH

Memory corruption while reading secure file.

May 6, 2025
CVE-2024-45579
7.8 HIGH

Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement …

May 6, 2025
CVE-2024-45578
7.8 HIGH

Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.

May 6, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.