CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-32906
7.5 HIGH

A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use …

Apr 14, 2025
CVE-2025-3566
7.3 HIGH

A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. This issue affects the function uploadMdPic of the file …

Apr 14, 2025
CVE-2025-27009
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.33.

Apr 14, 2025
CVE-2025-24859
8.8 HIGH

A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's …

Apr 14, 2025
CVE-2025-31344
7.3 HIGH

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.

Apr 14, 2025
CVE-2025-2563
8.1 HIGH

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading …

Apr 14, 2025
CVE-2025-3572
7.5 HIGH

SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the …

Apr 14, 2025
CVE-2025-3546
8.0 HIGH

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared …

Apr 14, 2025
CVE-2025-3545
8.0 HIGH

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified …

Apr 14, 2025
CVE-2025-3544
8.0 HIGH

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. …

Apr 14, 2025
CVE-2025-3543
8.0 HIGH

A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This …

Apr 14, 2025
CVE-2025-3542
8.0 HIGH

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function …

Apr 14, 2025
CVE-2025-3541
8.0 HIGH

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. …

Apr 13, 2025
CVE-2025-3540
8.0 HIGH

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this …

Apr 13, 2025
CVE-2025-3539
8.0 HIGH

A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. …

Apr 13, 2025
CVE-2025-3445
8.1 HIGH

A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks …

Apr 13, 2025
CVE-2025-3538
8.8 HIGH

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of …

Apr 13, 2025
CVE-2024-56406
8.4 HIGH

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. …

Apr 13, 2025
CVE-2025-3418
8.8 HIGH

The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly …

Apr 12, 2025
CVE-2025-29834
7.5 HIGH

Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Apr 12, 2025
CVE-2025-29803
7.3 HIGH

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

Apr 12, 2025
CVE-2025-32367
8.6 HIGH

The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used …

Apr 11, 2025
CVE-2023-42977
7.8 HIGH

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may …

Apr 11, 2025
CVE-2023-42970
8.8 HIGH

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS …

Apr 11, 2025
CVE-2023-42875
7.3 HIGH

Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS …

Apr 11, 2025
CVE-2023-41076
7.3 HIGH

An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed by removing the vulnerable code.

Apr 11, 2025
CVE-2024-13861
7.8 HIGH

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as …

Apr 11, 2025
CVE-2024-52280
7.7 HIGH

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, …

Apr 11, 2025
CVE-2025-23389
8.4 HIGH

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects …

Apr 11, 2025
CVE-2025-23388
8.2 HIGH

A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from …

Apr 11, 2025
CVE-2025-31932
8.8 HIGH

Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console. The …

Apr 11, 2025
CVE-2025-3434
7.2 HIGH

The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and …

Apr 11, 2025
CVE-2025-32681
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection.This issue …

Apr 11, 2025
CVE-2025-32672
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor ultimate-bootstrap-elements-for-elementor allows PHP …

Apr 11, 2025
CVE-2025-32671
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer print-science-designer allows Path Traversal.This issue affects Print …

Apr 11, 2025
CVE-2025-32663
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Cooming Soon fat-coming-soon allows PHP Local File …

Apr 11, 2025
CVE-2025-32656
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP …

Apr 11, 2025
CVE-2025-32654
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion.This issue …

Apr 11, 2025
CVE-2025-32650
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ability, Inc Accessibility Suite online-accessibility allows SQL Injection.This issue affects Accessibility …

Apr 11, 2025
CVE-2025-32633
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset database-toolset allows Path Traversal.This issue affects Database Toolset: from …

Apr 11, 2025
CVE-2025-32632
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Automatic Ban IP automatic-ban-ip allows Reflected XSS.This issue affects Automatic Ban IP: …

Apr 11, 2025
CVE-2025-32631
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in oxygensuite Oxygen MyData for WooCommerce oxygen-mydata allows Path Traversal.This issue affects Oxygen …

Apr 11, 2025
CVE-2025-32629
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Path Traversal.This issue …

Apr 11, 2025
CVE-2025-32627
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File …

Apr 11, 2025
CVE-2025-32618
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a …

Apr 11, 2025
CVE-2025-32614
8.8 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This …

Apr 11, 2025
CVE-2025-32601
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments twispay allows Reflected XSS.This issue affects Twispay Credit …

Apr 11, 2025
CVE-2025-32600
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS.This issue affects Tournamatch: from n/a through <= …

Apr 11, 2025
CVE-2025-32599
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler task-scheduler allows Reflected XSS.This issue affects Task Scheduler: from n/a …

Apr 11, 2025
CVE-2025-32598
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Reflected XSS.This issue affects WP …

Apr 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.