CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-1088
2.7 LOW

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. …

Jun 18, 2025
CVE-2025-45526
2.9 LOW

A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit …

Jun 17, 2025
CVE-2025-45525
2.9 LOW

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard …

Jun 17, 2025
CVE-2025-6199
3.3 LOW

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported …

Jun 17, 2025
CVE-2025-6166
3.5 LOW

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file …

Jun 17, 2025
CVE-2025-6141
3.3 LOW

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. …

Jun 16, 2025
CVE-2025-6140
3.3 LOW

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation …

Jun 16, 2025
CVE-2025-6139
3.9 LOW

A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file …

Jun 16, 2025
CVE-2025-6131
2.4 LOW

A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of …

Jun 16, 2025
CVE-2025-6170
2.5 LOW

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long …

Jun 16, 2025
CVE-2025-6127
3.5 LOW

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown …

Jun 16, 2025
CVE-2025-6125
2.4 LOW

A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file …

Jun 16, 2025
CVE-2025-24388
3.8 LOW

A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow parameter injection due to for an autheniticated agent or admin …

Jun 16, 2025
CVE-2025-6107
3.1 LOW

A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation …

Jun 16, 2025
CVE-2025-49597
3.9 LOW

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a …

Jun 13, 2025
CVE-2025-49583
3.5 LOW

XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and …

Jun 13, 2025
CVE-2025-6052
3.7 LOW

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with …

Jun 13, 2025
CVE-2025-48825
2.5 LOW

RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who …

Jun 13, 2025
CVE-2024-38823
2.7 LOW

Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.

Jun 13, 2025
CVE-2024-38822
2.7 LOW

Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.

Jun 13, 2025
CVE-2025-4227
3.5 LOW

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain …

Jun 13, 2025
CVE-2025-5982
3.7 LOW

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions …

Jun 12, 2025
CVE-2025-49198
3.1 LOW

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by …

Jun 12, 2025
CVE-2025-1699
2.8 LOW

An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.

Jun 11, 2025
CVE-2025-1698
2.8 LOW

Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

Jun 11, 2025
CVE-2025-4128
3.1 LOW

Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view …

Jun 11, 2025
CVE-2025-5984
3.5 LOW

A vulnerability has been found in SourceCodester Online Student Clearance System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of …

Jun 10, 2025
CVE-2025-47096
3.5 LOW

Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, allowing a …

Jun 10, 2025
CVE-2025-5976
3.5 LOW

A vulnerability has been found in PHPGurukul Rail Pass Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/add-pass.php. …

Jun 10, 2025
CVE-2025-5974
3.5 LOW

A vulnerability, which was classified as problematic, has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this issue is some unknown functionality …

Jun 10, 2025
CVE-2025-5973
2.4 LOW

A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file …

Jun 10, 2025
CVE-2025-5972
2.4 LOW

A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/manage-subadmins.php. The …

Jun 10, 2025
CVE-2025-36576
2.7 LOW

Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially …

Jun 10, 2025
CVE-2025-5970
2.4 LOW

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the …

Jun 10, 2025
CVE-2025-22251
3.1 LOW

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all …

Jun 10, 2025
CVE-2023-29184
3.2 LOW

An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged …

Jun 10, 2025
CVE-2025-42990
3.0 LOW

Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the …

Jun 10, 2025
CVE-2025-42988
3.7 LOW

Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP …

Jun 10, 2025
CVE-2025-0036
3.2 LOW

In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to …

Jun 10, 2025
CVE-2025-5918
3.9 LOW

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading …

Jun 9, 2025
CVE-2025-5917
2.8 LOW

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can …

Jun 9, 2025
CVE-2025-5916
3.9 LOW

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) …

Jun 9, 2025
CVE-2025-5889
3.1 LOW

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of …

Jun 9, 2025
CVE-2025-5887
3.5 LOW

A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the …

Jun 9, 2025
CVE-2025-5886
3.5 LOW

A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation …

Jun 9, 2025
CVE-2025-5884
3.5 LOW

A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display …

Jun 9, 2025
CVE-2025-5879
3.5 LOW

A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component …

Jun 9, 2025
CVE-2025-5864
3.7 LOW

A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality …

Jun 9, 2025
CVE-2025-27563
3.3 LOW

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Jun 8, 2025
CVE-2025-27242
3.3 LOW

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.

Jun 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.