CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-3846
7.3 HIGH

A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of …

Apr 21, 2025
CVE-2025-3845
7.3 HIGH

A vulnerability was found in markparticle WebServer up to 1.0. It has been declared as critical. Affected by this vulnerability is the function Buffer::HasWritten of …

Apr 21, 2025
CVE-2025-32956
8.0 HIGH

ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces …

Apr 21, 2025
CVE-2025-27086
8.1 HIGH

A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication.

Apr 21, 2025
CVE-2024-57394
8.8 HIGH

The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. …

Apr 21, 2025
CVE-2025-23174
7.5 HIGH

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Apr 21, 2025
CVE-2025-43922
8.1 HIGH

The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM.

Apr 21, 2025
CVE-2025-3857
7.5 HIGH

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while …

Apr 21, 2025
CVE-2025-43971
8.6 HIGH

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

Apr 21, 2025
CVE-2025-3829
7.3 HIGH

A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file …

Apr 20, 2025
CVE-2025-3828
7.3 HIGH

A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. …

Apr 20, 2025
CVE-2025-3827
7.3 HIGH

A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. …

Apr 20, 2025
CVE-2025-3820
8.8 HIGH

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file …

Apr 19, 2025
CVE-2025-3819
7.3 HIGH

A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of …

Apr 19, 2025
CVE-2025-43917
8.2 HIGH

In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new …

Apr 19, 2025
CVE-2025-3803
8.8 HIGH

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file …

Apr 19, 2025
CVE-2025-3802
8.8 HIGH

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file …

Apr 19, 2025
CVE-2025-3800
7.3 HIGH

A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The …

Apr 19, 2025
CVE-2025-3799
7.3 HIGH

A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the …

Apr 19, 2025
CVE-2025-3404
8.8 HIGH

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions …

Apr 19, 2025
CVE-2025-3809
7.2 HIGH

The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, …

Apr 19, 2025
CVE-2025-2111
7.5 HIGH

The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due …

Apr 19, 2025
CVE-2024-13926
7.5 HIGH

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby …

Apr 19, 2025
CVE-2025-3103
7.5 HIGH

The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read …

Apr 19, 2025
CVE-2025-2010
7.5 HIGH

The JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in …

Apr 19, 2025
CVE-2025-32953
8.7 HIGH

z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to …

Apr 18, 2025
CVE-2025-24914
7.8 HIGH

When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could …

Apr 18, 2025
CVE-2025-28237
8.8 HIGH

An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload.

Apr 18, 2025
CVE-2025-28235
7.5 HIGH

An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator …

Apr 18, 2025
CVE-2025-1697
7.8 HIGH

A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability …

Apr 18, 2025
CVE-2025-28059
7.5 HIGH

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale …

Apr 18, 2025
CVE-2025-32442
7.5 HIGH

Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different …

Apr 18, 2025
CVE-2025-31118
7.1 HIGH

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does …

Apr 18, 2025
CVE-2025-30357
7.3 HIGH

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving …

Apr 18, 2025
CVE-2025-30158
7.1 HIGH

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post …

Apr 18, 2025
CVE-2025-29784
7.5 HIGH

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests …

Apr 18, 2025
CVE-2025-37838
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In …

Apr 18, 2025
CVE-2025-29625
7.8 HIGH

A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment …

Apr 18, 2025
CVE-2025-28228
7.5 HIGH

A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access …

Apr 18, 2025
CVE-2025-40364
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state …

Apr 18, 2025
CVE-2025-3786
8.8 HIGH

A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The …

Apr 18, 2025
CVE-2025-3785
8.8 HIGH

A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component …

Apr 18, 2025
CVE-2025-40114
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, …

Apr 18, 2025
CVE-2025-40014
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates …

Apr 18, 2025
CVE-2025-39778
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() The csts_state_names[] array only has six sparse …

Apr 18, 2025
CVE-2025-39735
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks …

Apr 18, 2025
CVE-2025-38479
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: free irq correctly in remove path Add fsl_edma->txirq/errirq check to avoid below warning …

Apr 18, 2025
CVE-2025-37785
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which …

Apr 18, 2025
CVE-2025-39470
8.1 HIGH

Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through <= 1.6.0.

Apr 18, 2025
CVE-2025-39469
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pantherius Modal Survey modal-survey.This issue affects Modal Survey: from n/a through <= 2.0.2.0.1.

Apr 18, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.