CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-4114
8.8 HIGH

A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to …

Apr 30, 2025
CVE-2025-24351
8.8 HIGH

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands …

Apr 30, 2025
CVE-2025-24350
7.1 HIGH

A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates …

Apr 30, 2025
CVE-2025-24349
7.1 HIGH

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of …

Apr 30, 2025
CVE-2025-24346
7.5 HIGH

A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via …

Apr 30, 2025
CVE-2025-4112
7.3 HIGH

A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. …

Apr 30, 2025
CVE-2025-24338
7.1 HIGH

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side …

Apr 30, 2025
CVE-2025-4108
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The …

Apr 30, 2025
CVE-2025-4125
7.8 HIGH

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.

Apr 30, 2025
CVE-2025-4124
7.8 HIGH

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.

Apr 30, 2025
CVE-2025-22884
7.8 HIGH

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP …

Apr 30, 2025
CVE-2025-22883
7.8 HIGH

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

Apr 30, 2025
CVE-2025-22882
7.8 HIGH

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary …

Apr 30, 2025
CVE-2025-30202
7.5 HIGH

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of …

Apr 30, 2025
CVE-2025-29906
8.6 HIGH

Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` …

Apr 29, 2025
CVE-2025-3501
8.2 HIGH

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

Apr 29, 2025
CVE-2024-57698
7.5 HIGH

An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration …

Apr 29, 2025
CVE-2025-4079
7.3 HIGH

A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Affected is an unknown function of the component RENAME …

Apr 29, 2025
CVE-2025-4074
7.3 HIGH

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality …

Apr 29, 2025
CVE-2025-46349
7.6 HIGH

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability …

Apr 29, 2025
CVE-2025-4073
7.3 HIGH

A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. …

Apr 29, 2025
CVE-2025-45956
8.8 HIGH

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" …

Apr 29, 2025
CVE-2025-23181
8.0 HIGH

CWE-250: Execution with Unnecessary Privileges

Apr 29, 2025
CVE-2025-23180
8.0 HIGH

CWE-250: Execution with Unnecessary Privileges

Apr 29, 2025
CVE-2025-4071
7.3 HIGH

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. …

Apr 29, 2025
CVE-2025-4070
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. …

Apr 29, 2025
CVE-2025-40619
7.5 HIGH

Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach …

Apr 29, 2025
CVE-2025-32354
8.8 HIGH

In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a …

Apr 29, 2025
CVE-2025-23178
7.6 HIGH

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

Apr 29, 2025
CVE-2025-23177
7.6 HIGH

CWE-427: Uncontrolled Search Path Element

Apr 29, 2025
CVE-2025-4066
7.3 HIGH

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The …

Apr 29, 2025
CVE-2025-4065
7.3 HIGH

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation …

Apr 29, 2025
CVE-2025-4093
8.1 HIGH

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort …

Apr 29, 2025
CVE-2025-4091
8.1 HIGH

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and …

Apr 29, 2025
CVE-2025-4085
7.1 HIGH

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was …

Apr 29, 2025
CVE-2025-2817
8.8 HIGH

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged …

Apr 29, 2025
CVE-2025-4060
7.3 HIGH

A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file …

Apr 29, 2025
CVE-2025-4058
7.3 HIGH

A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation …

Apr 29, 2025
CVE-2025-3891
7.5 HIGH

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by …

Apr 29, 2025
CVE-2025-30194
7.5 HIGH

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that …

Apr 29, 2025
CVE-2025-24252
8.8 HIGH

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS …

Apr 29, 2025
CVE-2025-24206
7.7 HIGH

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS …

Apr 29, 2025
CVE-2025-4039
7.3 HIGH

A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality …

Apr 28, 2025
CVE-2025-4034
7.3 HIGH

A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. …

Apr 28, 2025
CVE-2025-3224
7.8 HIGH

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to …

Apr 28, 2025
CVE-2025-34491
8.8 HIGH

GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted …

Apr 28, 2025
CVE-2025-31650
7.5 HIGH

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which …

Apr 28, 2025
CVE-2025-4033
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. Affected is an unknown function of the file /patient-search-report.php. …

Apr 28, 2025
CVE-2025-34489
7.8 HIGH

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a …

Apr 28, 2025
CVE-2025-4031
7.3 HIGH

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/aboutus.php. …

Apr 28, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.