CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-31036
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in WPSOLR WPSolr wpsolr-free allows Privilege Escalation.This issue affects WPSolr: from n/a through <= 24.0.

Apr 9, 2025
CVE-2025-31032
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway pagopar-woocommerce-gateway allows Stored XSS.This issue affects Pagopar – WooCommerce Gateway: …

Apr 9, 2025
CVE-2025-31026
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded comment-validation-reloaded allows Stored XSS.This issue affects Comment Validation Reloaded: from n/a through <= 0.5.

Apr 9, 2025
CVE-2025-31023
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags seo-meta-tags allows Cross Site Request Forgery.This issue affects Seo Meta Tags: from n/a through <= …

Apr 9, 2025
CVE-2025-32380
7.5 HIGH

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability …

Apr 9, 2025
CVE-2025-29394
8.1 HIGH

An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type.

Apr 9, 2025
CVE-2025-29391
7.2 HIGH

horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Controller/BookController.class.php.

Apr 9, 2025
CVE-2025-29390
8.8 HIGH

jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/controllers/home.php.

Apr 9, 2025
CVE-2025-1968
7.7 HIGH

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue affects Sitefinity: …

Apr 9, 2025
CVE-2025-29189
7.6 HIGH

Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.

Apr 9, 2025
CVE-2025-2223
7.8 HIGH

CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is …

Apr 9, 2025
CVE-2025-2222
7.8 HIGH

CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle …

Apr 9, 2025
CVE-2017-20197
7.3 HIGH

A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c. It has been declared as critical. This vulnerability affects unknown code of the file /includes/login.php. …

Apr 9, 2025
CVE-2025-29870
7.5 HIGH

Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information …

Apr 9, 2025
CVE-2025-27934
7.5 HIGH

Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain …

Apr 9, 2025
CVE-2025-25053
8.8 HIGH

OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may …

Apr 9, 2025
CVE-2024-55354
8.8 HIGH

Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that …

Apr 8, 2025
CVE-2025-30290
8.7 HIGH

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could …

Apr 8, 2025
CVE-2025-30289
8.2 HIGH

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability …

Apr 8, 2025
CVE-2025-30288
8.2 HIGH

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low …

Apr 8, 2025
CVE-2025-30287
8.2 HIGH

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of …

Apr 8, 2025
CVE-2025-30286
8.4 HIGH

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability …

Apr 8, 2025
CVE-2025-30285
8.4 HIGH

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the …

Apr 8, 2025
CVE-2025-30284
8.4 HIGH

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the …

Apr 8, 2025
CVE-2024-12556
8.7 HIGH

Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.

Apr 8, 2025
CVE-2025-30304
7.8 HIGH

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Apr 8, 2025
CVE-2025-30299
7.8 HIGH

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Apr 8, 2025
CVE-2025-30298
7.8 HIGH

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Apr 8, 2025
CVE-2025-30297
7.8 HIGH

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Apr 8, 2025
CVE-2025-30296
7.8 HIGH

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in …

Apr 8, 2025
CVE-2025-30295
7.8 HIGH

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Apr 8, 2025
CVE-2025-29824
7.8 HIGH KEV

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-29823
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Apr 8, 2025
CVE-2025-29822
7.8 HIGH

Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.

Apr 8, 2025
CVE-2025-29820
7.8 HIGH

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Apr 8, 2025
CVE-2025-29816
7.5 HIGH

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

Apr 8, 2025
CVE-2025-29812
7.8 HIGH

Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-29811
7.8 HIGH

Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-29810
7.5 HIGH

Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.

Apr 8, 2025
CVE-2025-29809
7.1 HIGH

Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.

Apr 8, 2025
CVE-2025-29805
7.5 HIGH

Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.

Apr 8, 2025
CVE-2025-29804
7.3 HIGH

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-29802
7.3 HIGH

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-29801
7.8 HIGH

Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-29800
7.8 HIGH

Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-29794
8.8 HIGH

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Apr 8, 2025
CVE-2025-29793
7.2 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Apr 8, 2025
CVE-2025-29792
7.3 HIGH

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-29791
7.8 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Apr 8, 2025
CVE-2025-27752
7.8 HIGH

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Apr 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.