CVE Database

9215+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2018-25154
9.8 CRITICAL

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary …

Dec 24, 2025
CVE-2018-25142
9.8 CRITICAL

NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files …

Dec 24, 2025
CVE-2018-25138
9.8 CRITICAL

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent …

Dec 24, 2025
CVE-2018-25135
9.8 CRITICAL

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers …

Dec 24, 2025
CVE-2018-25134
9.8 CRITICAL

Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit …

Dec 24, 2025
CVE-2025-13773
9.8 CRITICAL

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 …

Dec 24, 2025
CVE-2025-68669
9.6 CRITICAL

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where …

Dec 23, 2025
CVE-2025-68664
9.3 CRITICAL

LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and …

Dec 23, 2025
CVE-2025-66209
9.9 CRITICAL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database …

Dec 23, 2025
CVE-2025-15047
9.8 CRITICAL

A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a …

Dec 23, 2025
CVE-2025-15046
9.8 CRITICAL

A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request …

Dec 23, 2025
CVE-2025-14500
9.8 CRITICAL

IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not …

Dec 23, 2025
CVE-2025-15045
9.8 CRITICAL

A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request …

Dec 23, 2025
CVE-2025-15044
9.8 CRITICAL

A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in …

Dec 23, 2025
CVE-2025-14931
10.0 CRITICAL

Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected …

Dec 23, 2025
CVE-2025-65354
9.8 CRITICAL

Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database …

Dec 23, 2025
CVE-2025-51511
9.8 CRITICAL

Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.

Dec 23, 2025
CVE-2025-33224
9.8 CRITICAL

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to …

Dec 23, 2025
CVE-2025-33223
9.8 CRITICAL

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to …

Dec 23, 2025
CVE-2025-33222
9.8 CRITICAL

NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code …

Dec 23, 2025
CVE-2025-29229
9.8 CRITICAL

linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus.

Dec 23, 2025
CVE-2025-29228
9.8 CRITICAL

Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.

Dec 23, 2025
CVE-2024-57521
10.0 CRITICAL

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.

Dec 23, 2025
CVE-2025-67109
10.0 CRITICAL

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

Dec 23, 2025
CVE-2025-67108
10.0 CRITICAL

eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.

Dec 23, 2025
CVE-2025-50526
9.8 CRITICAL

Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.

Dec 23, 2025
CVE-2025-14388
9.8 CRITICAL

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This …

Dec 23, 2025
CVE-2025-68615
9.8 CRITICAL

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can …

Dec 23, 2025
CVE-2025-65856
9.8 CRITICAL

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. …

Dec 22, 2025
CVE-2023-53980
9.8 CRITICAL

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with …

Dec 22, 2025
CVE-2023-53968
9.8 CRITICAL

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers …

Dec 22, 2025
CVE-2023-53966
9.8 CRITICAL

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate …

Dec 22, 2025
CVE-2023-53964
9.8 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request …

Dec 22, 2025
CVE-2023-53963
9.8 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can …

Dec 22, 2025
CVE-2023-53960
9.8 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious …

Dec 22, 2025
CVE-2023-53955
9.8 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the …

Dec 22, 2025
CVE-2025-67418
9.8 CRITICAL

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote …

Dec 22, 2025
CVE-2024-27708
9.6 CRITICAL

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter.

Dec 22, 2025
CVE-2025-67288
10.0 CRITICAL

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed …

Dec 22, 2025
CVE-2025-67289
9.6 CRITICAL

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

Dec 22, 2025
CVE-2025-12049
9.8 CRITICAL

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of …

Dec 22, 2025
CVE-2025-11543
9.8 CRITICAL

Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.

Dec 22, 2025
CVE-2025-11542
9.8 CRITICAL

Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.

Dec 22, 2025
CVE-2025-11541
9.8 CRITICAL

Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.

Dec 22, 2025
CVE-2025-15016
9.8 CRITICAL

Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information …

Dec 22, 2025
CVE-2025-15010
9.8 CRITICAL

A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page …

Dec 22, 2025
CVE-2025-15007
9.8 CRITICAL

A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component …

Dec 22, 2025
CVE-2025-15006
9.8 CRITICAL

A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP …

Dec 22, 2025
CVE-2025-13619
9.8 CRITICAL

The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This is due to the …

Dec 20, 2025
CVE-2025-13329
9.8 CRITICAL

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for …

Dec 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.