CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-24234
7.8 HIGH

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious …

Mar 31, 2025
CVE-2025-24229
7.4 HIGH

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A sandboxed app …

Mar 31, 2025
CVE-2025-24228
7.8 HIGH

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An …

Mar 31, 2025
CVE-2025-24221
7.5 HIGH

This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain …

Mar 31, 2025
CVE-2025-24213
7.8 HIGH

This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia …

Mar 31, 2025
CVE-2025-24209
7.0 HIGH

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS …

Mar 31, 2025
CVE-2025-24196
8.8 HIGH

A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user …

Mar 31, 2025
CVE-2025-24180
8.1 HIGH

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, …

Mar 31, 2025
CVE-2025-24173
7.8 HIGH

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma …

Mar 31, 2025
CVE-2025-24170
7.8 HIGH

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able …

Mar 31, 2025
CVE-2025-24095
7.6 HIGH

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able …

Mar 31, 2025
CVE-2024-54533
7.0 HIGH

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app …

Mar 31, 2025
CVE-2025-31694
8.1 HIGH

Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.

Mar 31, 2025
CVE-2025-31692
7.5 HIGH

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects …

Mar 31, 2025
CVE-2025-31690
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1.

Mar 31, 2025
CVE-2025-31689
8.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before …

Mar 31, 2025
CVE-2025-31686
8.1 HIGH

Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.

Mar 31, 2025
CVE-2025-31678
8.2 HIGH

Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3.

Mar 31, 2025
CVE-2025-31677
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.

Mar 31, 2025
CVE-2025-31676
8.8 HIGH

Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email TFA: from 0.0.0 before 2.0.3.

Mar 31, 2025
CVE-2025-31674
7.5 HIGH

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 …

Mar 31, 2025
CVE-2025-26683
8.1 HIGH

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.

Mar 31, 2025
CVE-2025-31123
8.7 HIGH

Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the …

Mar 31, 2025
CVE-2025-21893
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put() Once a key's reference count has been reduced to 0, …

Mar 31, 2025
CVE-2025-31129
8.8 HIGH

Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 …

Mar 31, 2025
CVE-2025-3006
7.3 HIGH

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-category.php?id=8. …

Mar 31, 2025
CVE-2025-31117
7.5 HIGH

OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified …

Mar 31, 2025
CVE-2025-30005
8.3 HIGH

Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved …

Mar 31, 2025
CVE-2025-30004
8.8 HIGH

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This …

Mar 31, 2025
CVE-2025-3002
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the …

Mar 31, 2025
CVE-2023-0881
7.5 HIGH

Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the …

Mar 31, 2025
CVE-2025-31625
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence useinfluence allows Stored XSS.This issue affects Useinfluence: from n/a through <= …

Mar 31, 2025
CVE-2025-31623
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor richtexteditor allows Stored XSS.This issue affects Rich Text Editor: from n/a through <= 1.0.1.

Mar 31, 2025
CVE-2025-31617
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh PostmarkApp Email Integrator postmarkapp-email-integrator allows Cross Site Request Forgery.This issue affects PostmarkApp Email Integrator: from n/a …

Mar 31, 2025
CVE-2025-31616
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress varnish-wp allows Cross Site Request Forgery.This issue affects Varnish WordPress: from n/a through <= 1.7.

Mar 31, 2025
CVE-2025-31615
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows Stored XSS.This issue affects Simple Contact Forms: …

Mar 31, 2025
CVE-2025-31613
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel ab-google-map-travel allows Cross Site Request Forgery.This issue affects AB Google Map Travel : from …

Mar 31, 2025
CVE-2025-31585
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress leadfox allows Cross Site Request Forgery.This issue affects Leadfox for WordPress: from n/a through <= …

Mar 31, 2025
CVE-2025-31583
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Copy Media URL wp-copy-media-url allows Stored XSS.This issue affects WP Copy Media URL: from n/a through …

Mar 31, 2025
CVE-2025-31570
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails advanced-css3-related-posts-widget allows Stored XSS.This issue affects Related Posts Widget with Thumbnails: from n/a …

Mar 31, 2025
CVE-2025-31569
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress related Posts with thumbnails related-posts-list-grid-and-slider-all-in-one allows Stored XSS.This issue affects wordpress related Posts with thumbnails: from n/a …

Mar 31, 2025
CVE-2025-31566
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup Rio Video Gallery rio-video-gallery allows Stored XSS.This issue affects Rio Video Gallery: from n/a through <= 2.3.6.

Mar 31, 2025
CVE-2025-31547
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aphotrax Uptime Robot Plugin for WordPress uptime-robot-monitor allows SQL Injection.This issue …

Mar 31, 2025
CVE-2025-31542
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Blind SQL Injection.This issue affects …

Mar 31, 2025
CVE-2025-31526
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows SQL Injection.This issue affects Behance …

Mar 31, 2025
CVE-2025-2586
7.5 HIGH

A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage …

Mar 31, 2025
CVE-2025-23995
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS.This issue affects Tantyyellow: from n/a through 1.0.0.5.

Mar 31, 2025
CVE-2025-3019
7.2 HIGH

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a …

Mar 31, 2025
CVE-2025-2402
8.6 HIGH

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote …

Mar 31, 2025
CVE-2025-31387
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect instawp-connect allows PHP Local File Inclusion.This …

Mar 31, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.