CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-23157
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: add check to avoid out of bound access There is a possibility …

May 1, 2025
CVE-2025-23156
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: refactor hfi packet parsing logic words_count denotes the number of words in …

May 1, 2025
CVE-2025-23142
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctp_sendmsg() re-uses associations and …

May 1, 2025
CVE-2025-4164
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. …

May 1, 2025
CVE-2025-4162
7.3 HIGH

A vulnerability classified as critical was found in PCMan FTP Server up to 2.0.7. This vulnerability affects unknown code of the component ASCII Command Handler. …

May 1, 2025
CVE-2025-4161
7.3 HIGH

A vulnerability classified as critical has been found in PCMan FTP Server up to 2.0.7. This affects an unknown part of the component VERBOSE Command …

May 1, 2025
CVE-2025-4160
7.3 HIGH

A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality …

May 1, 2025
CVE-2025-4159
7.3 HIGH

A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality …

May 1, 2025
CVE-2025-4158
7.3 HIGH

A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been classified as critical. Affected is an unknown function of the component …

May 1, 2025
CVE-2025-4153
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file …

May 1, 2025
CVE-2025-4152
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul Online Birth Certificate System 1.0. Affected is an unknown function of the file /admin/bwdates-reports-details.php. The …

May 1, 2025
CVE-2025-4151
7.3 HIGH

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the …

May 1, 2025
CVE-2025-4150
8.8 HIGH

A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument …

May 1, 2025
CVE-2025-3952
8.1 HIGH

The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due …

May 1, 2025
CVE-2025-4149
8.8 HIGH

A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host …

May 1, 2025
CVE-2025-4148
8.8 HIGH

A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument …

May 1, 2025
CVE-2025-1305
8.8 HIGH

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or …

May 1, 2025
CVE-2025-1304
8.8 HIGH

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up …

May 1, 2025
CVE-2025-2816
8.1 HIGH

The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a …

May 1, 2025
CVE-2025-4147
8.8 HIGH

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the …

May 1, 2025
CVE-2025-4146
8.8 HIGH

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads …

May 1, 2025
CVE-2025-4145
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument …

May 1, 2025
CVE-2025-4142
8.8 HIGH

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host …

Apr 30, 2025
CVE-2025-4141
8.8 HIGH

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads …

Apr 30, 2025
CVE-2025-4140
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of …

Apr 30, 2025
CVE-2023-37535
7.1 HIGH

Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters.

Apr 30, 2025
CVE-2025-4139
8.8 HIGH

A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host …

Apr 30, 2025
CVE-2025-2082
7.5 HIGH

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. …

Apr 30, 2025
CVE-2024-6032
7.8 HIGH

Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S …

Apr 30, 2025
CVE-2024-6031
7.8 HIGH

Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model …

Apr 30, 2025
CVE-2024-6030
7.0 HIGH

Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An …

Apr 30, 2025
CVE-2024-13943
7.8 HIGH

Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla …

Apr 30, 2025
CVE-2025-2170
7.2 HIGH

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote …

Apr 30, 2025
CVE-2024-9876
7.3 HIGH

: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.

Apr 30, 2025
CVE-2025-46619
7.6 HIGH

A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to …

Apr 30, 2025
CVE-2025-44194
7.3 HIGH

SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household.

Apr 30, 2025
CVE-2025-44193
7.6 HIGH

SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint.

Apr 30, 2025
CVE-2025-33074
7.5 HIGH

Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.

Apr 30, 2025
CVE-2025-30391
8.1 HIGH

Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.

Apr 30, 2025
CVE-2025-30389
8.7 HIGH

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

Apr 30, 2025
CVE-2025-21416
8.5 HIGH

Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.

Apr 30, 2025
CVE-2025-46342
8.5 HIGH

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using …

Apr 30, 2025
CVE-2025-27409
7.5 HIGH

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version …

Apr 30, 2025
CVE-2025-27134
8.8 HIGH

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version …

Apr 30, 2025
CVE-2025-4120
8.8 HIGH

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host …

Apr 30, 2025
CVE-2025-4116
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The manipulation of …

Apr 30, 2025
CVE-2025-4115
8.8 HIGH

A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host …

Apr 30, 2025
CVE-2025-45020
7.2 HIGH

A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary …

Apr 30, 2025
CVE-2025-3395
7.1 HIGH

Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.

Apr 30, 2025
CVE-2025-3394
7.8 HIGH

Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.

Apr 30, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.