CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-2288
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory …

Apr 8, 2025
CVE-2025-2287
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied …

Apr 8, 2025
CVE-2025-2286
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied …

Apr 8, 2025
CVE-2025-2285
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied …

Apr 8, 2025
CVE-2025-1095
8.8 HIGH

IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in …

Apr 8, 2025
CVE-2025-32406
8.6 HIGH

An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the …

Apr 8, 2025
CVE-2025-22466
8.2 HIGH

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User …

Apr 8, 2025
CVE-2025-22461
7.2 HIGH

SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve …

Apr 8, 2025
CVE-2025-22458
7.8 HIGH

DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.

Apr 8, 2025
CVE-2025-30151
7.5 HIGH

Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. …

Apr 8, 2025
CVE-2025-25254
7.2 HIGH

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 …

Apr 8, 2025
CVE-2024-54024
7.2 HIGH

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged …

Apr 8, 2025
CVE-2024-26013
7.5 HIGH

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 …

Apr 8, 2025
CVE-2023-37930
7.5 HIGH

Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerability in Fortinet allows a VPN user to corrupt memory potentially …

Apr 8, 2025
CVE-2025-29986
8.3 HIGH

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An …

Apr 8, 2025
CVE-2025-2807
8.8 HIGH

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in …

Apr 8, 2025
CVE-2025-3064
8.8 HIGH

The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due …

Apr 8, 2025
CVE-2024-41793
8.6 HIGH

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to …

Apr 8, 2025
CVE-2024-41792
8.6 HIGH

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices contains a path traversal vulnerability. This …

Apr 8, 2025
CVE-2024-41791
7.3 HIGH

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. …

Apr 8, 2025
CVE-2025-3431
7.5 HIGH

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, …

Apr 8, 2025
CVE-2025-30014
7.7 HIGH

SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files …

Apr 8, 2025
CVE-2025-27428
7.7 HIGH

Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they …

Apr 8, 2025
CVE-2025-23186
8.5 HIGH

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can …

Apr 8, 2025
CVE-2025-20946
8.8 HIGH

Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to …

Apr 8, 2025
CVE-2025-20936
8.8 HIGH

Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.

Apr 8, 2025
CVE-2025-3401
7.3 HIGH

A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. This vulnerability affects unknown code of the file /parameter/getLimitIPList.jsp. The manipulation of …

Apr 8, 2025
CVE-2025-3400
7.3 HIGH

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of …

Apr 8, 2025
CVE-2025-3399
7.3 HIGH

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. Affected by this issue is some unknown functionality of the file …

Apr 8, 2025
CVE-2025-2526
8.8 HIGH

The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to …

Apr 8, 2025
CVE-2025-2525
8.8 HIGH

The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up …

Apr 8, 2025
CVE-2025-32409
8.1 HIGH

Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to …

Apr 7, 2025
CVE-2025-0942
8.6 HIGH

The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command allows for unauthenticated users to …

Apr 7, 2025
CVE-2025-3384
7.3 HIGH

A vulnerability was found in 1000 Projects Human Resource Management System 1.0. It has been classified as critical. Affected is an unknown function of the …

Apr 7, 2025
CVE-2025-3383
7.3 HIGH

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0 and classified as critical. This issue affects some unknown processing of the file …

Apr 7, 2025
CVE-2025-32034
7.5 HIGH

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to …

Apr 7, 2025
CVE-2025-32033
7.5 HIGH

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to …

Apr 7, 2025
CVE-2025-32032
7.5 HIGH

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability …

Apr 7, 2025
CVE-2025-32031
7.5 HIGH

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with …

Apr 7, 2025
CVE-2025-32030
7.5 HIGH

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with …

Apr 7, 2025
CVE-2025-31496
7.5 HIGH

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused …

Apr 7, 2025
CVE-2025-3380
7.3 HIGH

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Affected by this issue is some unknown functionality of the …

Apr 7, 2025
CVE-2025-3379
7.3 HIGH

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Affected by this vulnerability is an unknown functionality of the component EPSV Command …

Apr 7, 2025
CVE-2025-3378
7.3 HIGH

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component EPRT Command Handler. The …

Apr 7, 2025
CVE-2025-3377
7.3 HIGH

A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. This issue affects some unknown processing of the component ENC …

Apr 7, 2025
CVE-2025-3376
7.3 HIGH

A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component CONF Command …

Apr 7, 2025
CVE-2025-3375
7.3 HIGH

A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component CDUP Command …

Apr 7, 2025
CVE-2025-3374
7.3 HIGH

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component CCC …

Apr 7, 2025
CVE-2025-3373
7.3 HIGH

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component …

Apr 7, 2025
CVE-2025-28409
8.8 HIGH

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether …

Apr 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.