CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-21979
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment …

Apr 1, 2025
CVE-2025-21973
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx} When qstats-get operation is executed, …

Apr 1, 2025
CVE-2025-21969
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the …

Apr 1, 2025
CVE-2025-21968
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free on hdcp_work [Why] A slab-use-after-free is reported when HDCP is destroyed but …

Apr 1, 2025
CVE-2025-21967
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_free_work_struct ->interim_entry of ksmbd_work could be deleted after oplock is freed. …

Apr 1, 2025
CVE-2025-21966
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter …

Apr 1, 2025
CVE-2025-21950
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl In the "pmcmd_ioctl" …

Apr 1, 2025
CVE-2025-21947
8.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix type confusion via race condition when using ipc_msg_send_request req->handle is allocated using ksmbd_acquire_id(&ipc_ida), …

Apr 1, 2025
CVE-2025-21946
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds in parse_sec_desc() If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd …

Apr 1, 2025
CVE-2025-21945
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2_lock If smb_lock->zero_len has value, ->llist of smb_lock is not delete …

Apr 1, 2025
CVE-2025-21934
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() …

Apr 1, 2025
CVE-2025-21929
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, …

Apr 1, 2025
CVE-2025-21928
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a …

Apr 1, 2025
CVE-2025-21927
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header …

Apr 1, 2025
CVE-2025-21923
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam: Fix use-after-free when detaching device When a hid-steam device is removed it must …

Apr 1, 2025
CVE-2025-21920
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type Currently, VLAN devices can be created on top of non-ethernet …

Apr 1, 2025
CVE-2025-21919
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to …

Apr 1, 2025
CVE-2025-21915
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in …

Apr 1, 2025
CVE-2025-21914
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario In case of interrupt delay for …

Apr 1, 2025
CVE-2025-21905
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file …

Apr 1, 2025
CVE-2025-21896
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fuse: revert back to __readahead_folio() for readahead In commit 3eab9d7bc2f4 ("fuse: convert readahead to use …

Apr 1, 2025
CVE-2025-31910
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection.This issue affects BookingPress: from n/a …

Apr 1, 2025
CVE-2025-31908
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup json-structuring-markup allows Stored XSS.This issue affects JSON Structuring Markup: from n/a through <= …

Apr 1, 2025
CVE-2025-31906
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare wp-profitshare allows Stored XSS.This issue affects WP Profitshare: from n/a through <= 1.4.9.

Apr 1, 2025
CVE-2025-31904
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Infoway LLC Ebook Downloader ebook-downloader allows Cross Site Request Forgery.This issue affects Ebook Downloader: from n/a through <= 1.0.

Apr 1, 2025
CVE-2025-31132
8.1 HIGH

Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in …

Apr 1, 2025
CVE-2025-31131
8.6 HIGH

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the …

Apr 1, 2025
CVE-2025-28398
7.1 HIGH

D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.

Apr 1, 2025
CVE-2025-28395
7.1 HIGH

D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.

Apr 1, 2025
CVE-2025-3034
8.1 HIGH

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough …

Apr 1, 2025
CVE-2025-3033
7.7 HIGH

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other …

Apr 1, 2025
CVE-2025-3032
7.4 HIGH

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 …

Apr 1, 2025
CVE-2025-3030
8.1 HIGH

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and …

Apr 1, 2025
CVE-2025-3029
7.3 HIGH

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was …

Apr 1, 2025
CVE-2025-22231
7.8 HIGH

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance …

Apr 1, 2025
CVE-2025-1660
7.8 HIGH

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute …

Apr 1, 2025
CVE-2025-1659
7.8 HIGH

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause …

Apr 1, 2025
CVE-2025-1658
7.8 HIGH

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause …

Apr 1, 2025
CVE-2025-3085
8.1 HIGH

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the …

Apr 1, 2025
CVE-2025-3083
7.5 HIGH

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects …

Apr 1, 2025
CVE-2025-27130
8.8 HIGH

Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote …

Apr 1, 2025
CVE-2025-2891
8.8 HIGH

The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in …

Apr 1, 2025
CVE-2024-12278
7.2 HIGH

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in …

Apr 1, 2025
CVE-2025-31415
7.6 HIGH

Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2.

Apr 1, 2025
CVE-2025-31074
8.8 HIGH

Deserialization of Untrusted Data vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Object Injection.This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.2.

Apr 1, 2025
CVE-2025-31024
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in randyjensen RJ Quickcharts rj-quickcharts allows SQL Injection.This issue affects RJ Quickcharts: …

Apr 1, 2025
CVE-2025-31001
7.5 HIGH

Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through <= …

Apr 1, 2025
CVE-2025-30924
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS.This issue affects Primer MyData …

Apr 1, 2025
CVE-2025-30917
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham SKU Generator for WooCommerce sku-for-woocommerce allows Reflected XSS.This issue affects SKU …

Apr 1, 2025
CVE-2025-30910
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager cm-download-manager allows Path Traversal.This issue affects CM Download …

Apr 1, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.