CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-4091
3.5 LOW

The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as …

May 15, 2025
CVE-2024-4004
3.5 LOW

The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as …

May 15, 2025
CVE-2024-4002
3.5 LOW

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege …

May 15, 2025
CVE-2024-3996
3.5 LOW

The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as …

May 15, 2025
CVE-2024-12767
3.5 LOW

The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts

May 15, 2025
CVE-2024-11140
3.5 LOW

The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow …

May 15, 2025
CVE-2024-10098
2.7 LOW

The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information …

May 15, 2025
CVE-2023-7297
3.5 LOW

The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged …

May 15, 2025
CVE-2025-47279
3.1 LOW

Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. …

May 15, 2025
CVE-2025-2570
2.7 LOW

Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager …

May 15, 2025
CVE-2025-27525
3.9 LOW

Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: …

May 15, 2025
CVE-2025-32421
3.7 LOW

Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the …

May 14, 2025
CVE-2025-0135
3.3 LOW

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the …

May 14, 2025
CVE-2025-23233
3.5 LOW

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via …

May 13, 2025
CVE-2025-22848
3.5 LOW

Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via …

May 13, 2025
CVE-2025-20084
3.5 LOW

Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via …

May 13, 2025
CVE-2025-20057
3.5 LOW

Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via …

May 13, 2025
CVE-2025-20030
2.6 LOW

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially …

May 13, 2025
CVE-2024-31150
3.8 LOW

Out-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access.

May 13, 2025
CVE-2024-35281
2.5 LOW

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions …

May 13, 2025
CVE-2024-12533
3.3 LOW

Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.This issue affects SecureCore Technology 4: from 4.0.1.0 before …

May 13, 2025
CVE-2025-40571
2.2 LOW

A vulnerability has been identified in Mendix OIDC SSO (Mendix 10.12 compatible) (All versions < V4.0.1), Mendix OIDC SSO (Mendix 9 compatible) (All versions < …

May 13, 2025
CVE-2025-22246
3.0 LOW

Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.

May 13, 2025
CVE-2025-46748
2.7 LOW

An authenticated user attempting to change their password could do so without using the current password.

May 12, 2025
CVE-2025-46744
2.7 LOW

An authenticated administrator could modify the Created By username for a user account

May 12, 2025
CVE-2025-46718
3.3 LOW

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of …

May 12, 2025
CVE-2025-46717
3.3 LOW

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges …

May 12, 2025
CVE-2025-4551
3.5 LOW

A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The …

May 11, 2025
CVE-2025-4547
2.4 LOW

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown …

May 11, 2025
CVE-2025-4542
3.1 LOW

A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown …

May 11, 2025
CVE-2025-4537
3.1 LOW

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file …

May 11, 2025
CVE-2025-4534
3.7 LOW

A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. This issue affects some unknown processing. The manipulation leads to weak …

May 11, 2025
CVE-2025-4533
2.7 LOW

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component …

May 11, 2025
CVE-2025-4527
3.7 LOW

A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. …

May 11, 2025
CVE-2025-47816
2.9 LOW

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.

May 10, 2025
CVE-2025-4495
3.5 LOW

A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /memoAjax/save. …

May 10, 2025
CVE-2025-4470
2.4 LOW

A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file …

May 9, 2025
CVE-2025-4469
2.4 LOW

A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The …

May 9, 2025
CVE-2025-4461
2.4 LOW

A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads …

May 9, 2025
CVE-2025-47737
2.9 LOW

lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.

May 9, 2025
CVE-2025-47736
2.9 LOW

dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.

May 9, 2025
CVE-2025-47735
2.9 LOW

inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.

May 9, 2025
CVE-2025-4460
2.4 LOW

A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation …

May 9, 2025
CVE-2025-46712
3.7 LOW

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), …

May 8, 2025
CVE-2025-44021
2.8 LOW

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A …

May 8, 2025
CVE-2025-47729
1.9 LOW KEV

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described …

May 8, 2025
CVE-2023-7303
3.5 LOW

A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The …

May 7, 2025
CVE-2025-46824
3.1 LOW

The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' …

May 7, 2025
CVE-2025-46551
3.7 LOW

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding …

May 7, 2025
CVE-2025-20977
3.3 LOW

Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction …

May 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.