CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-53085
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/edid: fix info leak when failing to get panel id Make sure to clear the …

May 2, 2025
CVE-2023-53084
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove another errant put in error path drm_gem_shmem_mmap() doesn't own reference in error code …

May 2, 2025
CVE-2023-53082
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix the crash in hot unplug with vp_vdpa While unplugging the vp_vdpa device, it …

May 2, 2025
CVE-2023-53081
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into …

May 2, 2025
CVE-2023-53077
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the following warning …

May 2, 2025
CVE-2023-53075
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: …

May 2, 2025
CVE-2023-53072
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup …

May 2, 2025
CVE-2023-53065
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with …

May 2, 2025
CVE-2023-53059
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's …

May 2, 2025
CVE-2023-53057
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hci_init_stage_sync(stage) considers that stage[i] is valid …

May 2, 2025
CVE-2023-53053
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit() Drivers should not assume skb_mac_header(skb) == skb->data in …

May 2, 2025
CVE-2023-53052
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS …

May 2, 2025
CVE-2023-53039
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message …

May 2, 2025
CVE-2023-53037
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash When the SAS Transport Layer support …

May 2, 2025
CVE-2023-53035
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array …

May 2, 2025
CVE-2025-37798
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is …

May 2, 2025
CVE-2025-37797
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability …

May 2, 2025
CVE-2025-1884
7.8 HIGH

Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute …

May 2, 2025
CVE-2025-1883
7.8 HIGH

Out-Of-Bounds Write vulnerability exists in the OBJ file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to …

May 2, 2025
CVE-2025-4204
7.5 HIGH

The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 1.5.2 due …

May 2, 2025
CVE-2025-0427
7.8 HIGH

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel …

May 2, 2025
CVE-2025-0072
7.8 HIGH

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user …

May 2, 2025
CVE-2024-11142
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the …

May 2, 2025
CVE-2024-13418
8.8 HIGH

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts() function in various versions. …

May 2, 2025
CVE-2024-13344
7.5 HIGH

The Advance Seat Reservation Management for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'profileId' parameter in all versions up to, and …

May 2, 2025
CVE-2024-13322
7.5 HIGH

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up …

May 2, 2025
CVE-2025-4179
7.3 HIGH

The Flynax Bridge plugin for WordPress is vulnerable to limited Privilege Escalation due to a missing capability check on the registerUser() function in all versions …

May 2, 2025
CVE-2025-4195
7.3 HIGH

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /ajax.php?action=save_member. …

May 2, 2025
CVE-2025-4193
7.3 HIGH

A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

May 2, 2025
CVE-2025-4192
7.3 HIGH

A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/category_save.php. …

May 2, 2025
CVE-2025-4191
7.3 HIGH

A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of …

May 2, 2025
CVE-2025-4184
7.3 HIGH

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component QUOTE Command Handler. The manipulation …

May 2, 2025
CVE-2025-4183
7.3 HIGH

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RECV Command Handler. The …

May 1, 2025
CVE-2025-4182
7.3 HIGH

A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the …

May 1, 2025
CVE-2025-4181
7.3 HIGH

A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the …

May 1, 2025
CVE-2025-4180
7.3 HIGH

A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component TRACE Command …

May 1, 2025
CVE-2025-4176
7.3 HIGH

A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. This vulnerability affects unknown code of the …

May 1, 2025
CVE-2025-43595
7.8 HIGH

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' …

May 1, 2025
CVE-2024-48907
7.5 HIGH

Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.

May 1, 2025
CVE-2025-46635
7.1 HIGH

An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router …

May 1, 2025
CVE-2025-46634
8.2 HIGH

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the …

May 1, 2025
CVE-2025-46633
8.2 HIGH

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client …

May 1, 2025
CVE-2025-46628
7.3 HIGH

Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access …

May 1, 2025
CVE-2025-46627
8.2 HIGH

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password …

May 1, 2025
CVE-2025-46626
7.3 HIGH

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an …

May 1, 2025
CVE-2025-46625
8.8 HIGH

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to …

May 1, 2025
CVE-2025-4174
7.3 HIGH

A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality …

May 1, 2025
CVE-2025-36521
8.8 HIGH

MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read which may allow an attacker to cause memory corruption within the application. The user must open …

May 1, 2025
CVE-2025-35975
8.8 HIGH

MicroDicom DICOM Viewer is vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. The user must open a malicious DCM …

May 1, 2025
CVE-2025-46568
7.5 HIGH

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to …

May 1, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.