CVE Database

9215+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-68613
9.9 CRITICAL KEV

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution …

Dec 19, 2025
CVE-2023-53959
9.8 CRITICAL

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers …

Dec 19, 2025
CVE-2023-53957
9.8 CRITICAL

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a …

Dec 19, 2025
CVE-2023-53951
9.8 CRITICAL

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token …

Dec 19, 2025
CVE-2023-53950
9.8 CRITICAL

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious …

Dec 19, 2025
CVE-2023-53948
9.8 CRITICAL

Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the …

Dec 19, 2025
CVE-2025-14964
9.8 CRITICAL

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads …

Dec 19, 2025
CVE-2025-66580
9.6 CRITICAL

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior …

Dec 19, 2025
CVE-2025-63665
9.8 CRITICAL

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the …

Dec 19, 2025
CVE-2025-58053
9.8 CRITICAL

Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST …

Dec 19, 2025
CVE-2024-49587
9.1 CRITICAL

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit …

Dec 19, 2025
CVE-2025-1928
9.1 CRITICAL

Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.This issue affects Online Food Delivery …

Dec 19, 2025
CVE-2025-14733
9.8 CRITICAL KEV

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User …

Dec 19, 2025
CVE-2025-68398
9.1 CRITICAL

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its …

Dec 18, 2025
CVE-2025-65041
10.0 CRITICAL

Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.

Dec 18, 2025
CVE-2025-65037
10.0 CRITICAL

Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.

Dec 18, 2025
CVE-2025-64663
9.9 CRITICAL

Custom Question Answering Elevation of Privilege Vulnerability

Dec 18, 2025
CVE-2025-34449
9.1 CRITICAL

Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send …

Dec 18, 2025
CVE-2023-53941
9.8 CRITICAL

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control …

Dec 18, 2025
CVE-2025-56157
9.8 CRITICAL

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that …

Dec 18, 2025
CVE-2025-64236
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.

Dec 18, 2025
CVE-2025-14879
9.8 CRITICAL

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This …

Dec 18, 2025
CVE-2025-63389
9.8 CRITICAL

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without …

Dec 18, 2025
CVE-2025-63388
9.1 CRITICAL

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects …

Dec 18, 2025
CVE-2025-63386
9.1 CRITICAL

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any …

Dec 18, 2025
CVE-2025-14878
9.8 CRITICAL

A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. …

Dec 18, 2025
CVE-2025-14860
9.8 CRITICAL

Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1.

Dec 18, 2025
CVE-2025-66078
9.1 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from …

Dec 18, 2025
CVE-2025-66074
9.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through <= 3.3.8.

Dec 18, 2025
CVE-2025-64374
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors: from n/a through <= 5.6.81.

Dec 18, 2025
CVE-2025-64233
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2.8.

Dec 18, 2025
CVE-2025-64231
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf allows Using Malicious Files.This issue …

Dec 18, 2025
CVE-2025-64227
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a …

Dec 18, 2025
CVE-2025-64206
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through <= 7.6.0.

Dec 18, 2025
CVE-2025-64188
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through <= 8.6.9.

Dec 18, 2025
CVE-2025-60180
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through …

Dec 18, 2025
CVE-2025-60178
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through …

Dec 18, 2025
CVE-2025-60174
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact …

Dec 18, 2025
CVE-2025-60091
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho …

Dec 18, 2025
CVE-2025-60090
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through …

Dec 18, 2025
CVE-2025-60089
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from …

Dec 18, 2025
CVE-2025-60062
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist allows SQL Injection.This issue affects tPlayer: from n/a …

Dec 18, 2025
CVE-2025-58951
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Advance Seat Reservation Management for WooCommerce scw-seat-reservation allows SQL Injection.This …

Dec 18, 2025
CVE-2025-54723
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Injection.This issue affects DentiCare: from n/a through < 1.4.3.

Dec 18, 2025
CVE-2025-53433
9.8 CRITICAL

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes EasyEat easyeat allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-47372
9.0 CRITICAL

Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.

Dec 18, 2025
CVE-2025-68435
9.1 CRITICAL

Zerobyte is a backup automation tool Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied …

Dec 17, 2025
CVE-2025-68145
9.1 CRITICAL

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did …

Dec 17, 2025
CVE-2023-53926
9.8 CRITICAL

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted …

Dec 17, 2025
CVE-2023-53923
9.8 CRITICAL

UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST …

Dec 17, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.