CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-2531
7.8 HIGH

Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Mar 25, 2025
CVE-2025-2530
7.8 HIGH

Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Mar 25, 2025
CVE-2025-27147
8.2 HIGH

The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, …

Mar 25, 2025
CVE-2025-29635
7.2 HIGH KEV

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST …

Mar 25, 2025
CVE-2025-22230
7.8 HIGH

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may …

Mar 25, 2025
CVE-2025-1445
7.5 HIGH

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes …

Mar 25, 2025
CVE-2024-53678
8.8 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a …

Mar 25, 2025
CVE-2025-2319
8.8 HIGH

The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is …

Mar 25, 2025
CVE-2024-13690
7.2 HIGH

The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and …

Mar 25, 2025
CVE-2025-2740
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/eligibility.php. …

Mar 25, 2025
CVE-2025-2739
7.3 HIGH

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been rated as critical. This issue affects some unknown processing of …

Mar 25, 2025
CVE-2025-2738
7.3 HIGH

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the …

Mar 25, 2025
CVE-2025-2737
7.3 HIGH

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the …

Mar 25, 2025
CVE-2024-44903
7.5 HIGH

SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however, a patch is available from the vendor. This is in ipac.jsp …

Mar 25, 2025
CVE-2024-13863
7.1 HIGH

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading …

Mar 25, 2025
CVE-2024-13618
7.2 HIGH

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

Mar 25, 2025
CVE-2024-13617
8.6 HIGH

The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server

Mar 25, 2025
CVE-2025-2736
7.3 HIGH

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of …

Mar 25, 2025
CVE-2025-2735
7.3 HIGH

A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality …

Mar 25, 2025
CVE-2025-2734
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file …

Mar 25, 2025
CVE-2025-2732
8.0 HIGH

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated …

Mar 25, 2025
CVE-2025-2731
8.0 HIGH

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared …

Mar 25, 2025
CVE-2025-2730
8.0 HIGH

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified …

Mar 25, 2025
CVE-2025-2729
8.0 HIGH

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. …

Mar 25, 2025
CVE-2025-2728
8.0 HIGH

A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code …

Mar 25, 2025
CVE-2025-2727
8.0 HIGH

A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file …

Mar 25, 2025
CVE-2025-2726
8.0 HIGH

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up …

Mar 25, 2025
CVE-2025-2725
8.0 HIGH

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected …

Mar 25, 2025
CVE-2025-24514
8.8 HIGH

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to …

Mar 25, 2025
CVE-2025-1098
8.8 HIGH

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This …

Mar 25, 2025
CVE-2025-1097
8.8 HIGH

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to …

Mar 25, 2025
CVE-2025-29314
8.1 HIGH

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack.

Mar 24, 2025
CVE-2025-29313
7.5 HIGH

Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of …

Mar 24, 2025
CVE-2025-29311
7.5 HIGH

Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to …

Mar 24, 2025
CVE-2025-2231
7.8 HIGH

PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange …

Mar 24, 2025
CVE-2025-2749
7.2 HIGH KEV

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in …

Mar 24, 2025
CVE-2025-30205
7.6 HIGH

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in …

Mar 24, 2025
CVE-2025-30112
7.1 HIGH

On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554, …

Mar 24, 2025
CVE-2025-0255
7.2 HIGH

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input …

Mar 24, 2025
CVE-2025-2705
7.3 HIGH

A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the …

Mar 24, 2025
CVE-2021-26091
7.5 HIGH

A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and …

Mar 24, 2025
CVE-2025-30621
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator translator allows Stored XSS.This issue affects Translator: from n/a through <= 0.3.

Mar 24, 2025
CVE-2025-30620
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator wp-odoo-form-integrator allows Stored XSS.This issue affects WP Odoo Form Integrator: from n/a through <= …

Mar 24, 2025
CVE-2025-30612
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words replace-default-words allows Stored XSS.This issue affects Replace Default Words: from n/a through <= 1.3.

Mar 24, 2025
CVE-2025-30608
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup wordpress-sql-backup allows Stored XSS.This issue affects WordPress SQL Backup: from n/a through <= 3.5.2.

Mar 24, 2025
CVE-2025-30604
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jiangqie JiangQie Official Website Mini Program jiangqie-official-website-mini-program allows Blind SQL Injection.This …

Mar 24, 2025
CVE-2025-30603
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink copy-link allows Stored XSS.This issue affects CopyLink: from n/a through <= 1.1.

Mar 24, 2025
CVE-2025-30602
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alphasis Related Posts via Categories related-posts-via-categories allows Stored XSS.This issue affects Related Posts …

Mar 24, 2025
CVE-2025-30590
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dourou Flickr set slideshows flickr-set-slideshows allows SQL Injection.This issue affects Flickr …

Mar 24, 2025
CVE-2025-30588
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ryan_xantoo Map Contact map-contact allows Stored XSS.This issue affects Map Contact: from n/a through <= 3.0.4.

Mar 24, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.