CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-3192
8.2 HIGH

Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user …

Apr 4, 2025
CVE-2025-2075
8.8 HIGH

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and …

Apr 4, 2025
CVE-2024-13744
8.1 HIGH

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions …

Apr 4, 2025
CVE-2025-3202
7.3 HIGH

A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Affected is an unknown function of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysNoticeController.java. The manipulation …

Apr 4, 2025
CVE-2025-3199
7.3 HIGH

A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file …

Apr 4, 2025
CVE-2025-3195
7.3 HIGH

A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0. This issue affects some unknown processing of …

Apr 4, 2025
CVE-2025-3188
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul e-Diary Management System 1.0. This affects an unknown part of the file /add-notes.php. The manipulation …

Apr 4, 2025
CVE-2025-3187
7.3 HIGH

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of …

Apr 4, 2025
CVE-2025-29815
7.6 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.

Apr 4, 2025
CVE-2025-25000
8.8 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Apr 4, 2025
CVE-2025-3186
7.3 HIGH

A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown …

Apr 4, 2025
CVE-2025-3185
7.3 HIGH

A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been classified as critical. Affected is an unknown function of the …

Apr 3, 2025
CVE-2025-3184
7.3 HIGH

A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file …

Apr 3, 2025
CVE-2025-3183
7.3 HIGH

A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file …

Apr 3, 2025
CVE-2025-3182
7.3 HIGH

A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file …

Apr 3, 2025
CVE-2025-3181
7.3 HIGH

A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this issue is some unknown …

Apr 3, 2025
CVE-2025-30370
7.4 HIGH

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that …

Apr 3, 2025
CVE-2025-3180
7.3 HIGH

A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the …

Apr 3, 2025
CVE-2025-3179
7.3 HIGH

A vulnerability classified as critical has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected is an unknown function of the file /doctor/deletepatient.php. …

Apr 3, 2025
CVE-2025-3178
7.3 HIGH

A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of …

Apr 3, 2025
CVE-2024-56528
7.5 HIGH

This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large …

Apr 3, 2025
CVE-2024-47215
7.5 HIGH

An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to …

Apr 3, 2025
CVE-2024-47214
7.5 HIGH

An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, …

Apr 3, 2025
CVE-2024-47213
7.5 HIGH

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and …

Apr 3, 2025
CVE-2024-47212
7.5 HIGH

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and …

Apr 3, 2025
CVE-2024-45199
8.8 HIGH

insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the …

Apr 3, 2025
CVE-2025-3176
7.3 HIGH

A vulnerability was found in Project Worlds Online Lawyer Management System 1.0. It has been classified as critical. This affects an unknown part of the …

Apr 3, 2025
CVE-2025-31485
7.5 HIGH

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might …

Apr 3, 2025
CVE-2025-31481
7.5 HIGH

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security …

Apr 3, 2025
CVE-2025-31119
7.6 HIGH

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as …

Apr 3, 2025
CVE-2025-29570
7.8 HIGH

An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named …

Apr 3, 2025
CVE-2025-29504
7.8 HIGH

Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification.

Apr 3, 2025
CVE-2024-45198
8.8 HIGH

insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process …

Apr 3, 2025
CVE-2025-3175
7.3 HIGH

A vulnerability was found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of …

Apr 3, 2025
CVE-2025-3174
7.3 HIGH

A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality …

Apr 3, 2025
CVE-2025-3173
7.3 HIGH

A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file …

Apr 3, 2025
CVE-2025-31487
7.7 HIGH

The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged in …

Apr 3, 2025
CVE-2025-3172
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Project Worlds Online Lawyer Management System 1.0. This issue affects some unknown processing of …

Apr 3, 2025
CVE-2025-3171
7.3 HIGH

A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The …

Apr 3, 2025
CVE-2025-3170
7.3 HIGH

A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. …

Apr 3, 2025
CVE-2025-3168
7.3 HIGH

A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality …

Apr 3, 2025
CVE-2025-29987
8.8 HIGH

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated …

Apr 3, 2025
CVE-2024-4877
8.8 HIGH

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect …

Apr 3, 2025
CVE-2025-3161
8.8 HIGH

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of …

Apr 3, 2025
CVE-2025-3155
7.4 HIGH

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to …

Apr 3, 2025
CVE-2025-32049
7.5 HIGH

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a …

Apr 3, 2025
CVE-2025-31909
7.5 HIGH

Missing Authorization vulnerability in Apptivo Apptivo Business Site CRM apptivo-business-site allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apptivo Business Site CRM: from …

Apr 3, 2025
CVE-2025-31907
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labib Ahmed Team Builder team-display allows Reflected XSS.This issue affects Team Builder: from …

Apr 3, 2025
CVE-2025-31905
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O'Donnell Team Rosters team-rosters allows Reflected XSS.This issue affects Team Rosters: from …

Apr 3, 2025
CVE-2025-31903
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows Reflected XSS.This issue affects XV Random …

Apr 3, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.