CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-30724
7.5 HIGH

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability …

Apr 15, 2025
CVE-2025-30716
7.5 HIGH

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable …

Apr 15, 2025
CVE-2025-30712
8.1 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high …

Apr 15, 2025
CVE-2025-30708
7.5 HIGH

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Supported versions that are affected are 12.2.4-12.2.14. Easily exploitable …

Apr 15, 2025
CVE-2025-30707
7.5 HIGH

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated …

Apr 15, 2025
CVE-2025-30706
7.5 HIGH

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged …

Apr 15, 2025
CVE-2025-30701
7.3 HIGH

Vulnerability in the RAS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low …

Apr 15, 2025
CVE-2025-30690
7.2 HIGH

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Difficult to exploit vulnerability allows high …

Apr 15, 2025
CVE-2025-30686
7.6 HIGH

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability …

Apr 15, 2025
CVE-2025-30511
8.8 HIGH

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant.

Apr 15, 2025
CVE-2025-2497
7.8 HIGH

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to …

Apr 15, 2025
CVE-2025-27939
7.5 HIGH

An attacker can change registered email addresses of other users and take over arbitrary accounts.

Apr 15, 2025
CVE-2025-21587
7.4 HIGH

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are …

Apr 15, 2025
CVE-2025-1656
7.8 HIGH

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability …

Apr 15, 2025
CVE-2025-1277
7.8 HIGH

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute …

Apr 15, 2025
CVE-2025-1276
7.8 HIGH

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Apr 15, 2025
CVE-2025-1275
7.8 HIGH

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this …

Apr 15, 2025
CVE-2025-1274
7.8 HIGH

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause …

Apr 15, 2025
CVE-2025-1273
7.8 HIGH

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability …

Apr 15, 2025
CVE-2025-32438
8.8 HIGH

make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user …

Apr 15, 2025
CVE-2025-32012
7.5 HIGH

Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their …

Apr 15, 2025
CVE-2025-31497
7.5 HIGH

TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a …

Apr 15, 2025
CVE-2024-42193
8.1 HIGH

HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of …

Apr 15, 2025
CVE-2025-3617
7.8 HIGH

A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access …

Apr 15, 2025
CVE-2024-50960
7.2 HIGH

A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= …

Apr 15, 2025
CVE-2025-32780
7.3 HIGH

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. …

Apr 15, 2025
CVE-2024-36842
7.3 HIGH

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to …

Apr 15, 2025
CVE-2025-32948
7.5 HIGH

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers …

Apr 15, 2025
CVE-2025-32947
7.5 HIGH

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when …

Apr 15, 2025
CVE-2025-29281
8.8 HIGH

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within …

Apr 15, 2025
CVE-2025-32929
7.5 HIGH

Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects …

Apr 15, 2025
CVE-2025-31011
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Reflected XSS.This issue affects SimplyRETS Real …

Apr 15, 2025
CVE-2025-30962
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fs-code FS Poster fs-poster allows Reflected XSS.This issue affects FS Poster: from n/a …

Apr 15, 2025
CVE-2025-26992
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: …

Apr 15, 2025
CVE-2025-26959
8.8 HIGH

Missing Authorization vulnerability in Quý Lê 91 Administrator Z administrator-z allows Privilege Escalation.This issue affects Administrator Z: from n/a through <= 2025.03.24.

Apr 15, 2025
CVE-2025-26958
7.5 HIGH

Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through <= 2.4.3.

Apr 15, 2025
CVE-2025-26954
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 1pluginjquery ZooEffect 1-jquery-photo-gallery-slideshow-flash allows Reflected XSS.This issue affects ZooEffect: from n/a through <= …

Apr 15, 2025
CVE-2025-26944
7.5 HIGH

Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through <= 2.0.11.

Apr 15, 2025
CVE-2025-26942
7.5 HIGH

Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetTricks: from n/a through <= 1.5.1.

Apr 15, 2025
CVE-2025-26894
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mobeen Abdullah Coming Soon, Maintenance Mode site-mode allows PHP …

Apr 15, 2025
CVE-2025-26889
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hockeydata hockeydata LOS hockeydata-los allows PHP Local File Inclusion.This …

Apr 15, 2025
CVE-2025-26743
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter advance-wp-query-search-filter allows Reflected XSS.This issue affects Advance …

Apr 15, 2025
CVE-2025-26741
8.8 HIGH

Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through <= 1.1.6.

Apr 15, 2025
CVE-2025-31491
8.6 HIGH

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows …

Apr 15, 2025
CVE-2025-31490
7.5 HIGH

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows …

Apr 14, 2025
CVE-2025-32914
7.4 HIGH

A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce …

Apr 14, 2025
CVE-2025-2161
7.1 HIGH

Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup

Apr 14, 2025
CVE-2025-2160
8.1 HIGH

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup

Apr 14, 2025
CVE-2025-32913
7.5 HIGH

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to …

Apr 14, 2025
CVE-2025-32908
7.5 HIGH

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may …

Apr 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.