CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-2646
7.3 HIGH

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality …

Mar 23, 2025
CVE-2025-2644
7.3 HIGH

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add-art-product.php. …

Mar 23, 2025
CVE-2025-2643
7.3 HIGH

A vulnerability has been found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-art-type-detail.php?editid=1. …

Mar 23, 2025
CVE-2025-2642
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.0. This affects an unknown part of the file /admin/edit-art-product-detail.php?editid=2. …

Mar 23, 2025
CVE-2025-2641
7.3 HIGH

A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. Affected by this issue is some unknown functionality …

Mar 23, 2025
CVE-2025-2640
7.3 HIGH

A vulnerability was found in PHPGurukul Doctor Appointment Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /doctor/appointment-bwdates-reports-details.php. …

Mar 23, 2025
CVE-2025-2186
7.5 HIGH

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in …

Mar 22, 2025
CVE-2025-1971
7.2 HIGH

The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via …

Mar 22, 2025
CVE-2025-1970
7.6 HIGH

The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via …

Mar 22, 2025
CVE-2025-2303
8.8 HIGH

The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, …

Mar 22, 2025
CVE-2025-0724
8.8 HIGH

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 …

Mar 22, 2025
CVE-2025-2610
7.6 HIGH

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with …

Mar 21, 2025
CVE-2025-2609
8.2 HIGH

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log …

Mar 21, 2025
CVE-2025-30204
7.5 HIGH

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via …

Mar 21, 2025
CVE-2025-25035
7.3 HIGH

Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS.This issue affects JPlatform …

Mar 21, 2025
CVE-2025-30349
7.2 HIGH

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message …

Mar 21, 2025
CVE-2025-29230
8.6 HIGH

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter.

Mar 21, 2025
CVE-2024-53350
7.4 HIGH

Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges.

Mar 21, 2025
CVE-2024-53349
7.4 HIGH

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in …

Mar 21, 2025
CVE-2024-53348
7.4 HIGH

LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges.

Mar 21, 2025
CVE-2025-29641
7.3 HIGH

Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL Injection in /index.php via the 'searchinputdata' parameter.

Mar 21, 2025
CVE-2025-24915
7.8 HIGH

When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. …

Mar 21, 2025
CVE-2024-57490
7.7 HIGH

Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through …

Mar 21, 2025
CVE-2025-25068
7.5 HIGH

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers …

Mar 21, 2025
CVE-2025-26336
8.3 HIGH

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior …

Mar 21, 2025
CVE-2025-2585
8.8 HIGH

EBM Maintenance Center From EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, …

Mar 21, 2025
CVE-2025-29807
8.7 HIGH

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.

Mar 21, 2025
CVE-2024-54551
7.5 HIGH

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, …

Mar 21, 2025
CVE-2024-44305
7.8 HIGH

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root …

Mar 21, 2025
CVE-2024-44199
7.1 HIGH

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected …

Mar 21, 2025
CVE-2025-25758
7.5 HIGH

An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml

Mar 20, 2025
CVE-2025-30160
7.5 HIGH

Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by …

Mar 20, 2025
CVE-2025-2480
7.8 HIGH

Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of …

Mar 20, 2025
CVE-2025-29149
7.5 HIGH

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.

Mar 20, 2025
CVE-2025-29121
7.5 HIGH

A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based …

Mar 20, 2025
CVE-2024-57440
7.5 HIGH

D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi

Mar 20, 2025
CVE-2025-29214
7.5 HIGH

Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.

Mar 20, 2025
CVE-2025-23120
8.8 HIGH

A vulnerability allowing remote code execution (RCE) for domain users.

Mar 20, 2025
CVE-2025-29101
7.5 HIGH

Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function.

Mar 20, 2025
CVE-2025-2539
7.5 HIGH

The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all …

Mar 20, 2025
CVE-2024-13923
7.6 HIGH

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 …

Mar 20, 2025
CVE-2024-13921
7.2 HIGH

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 …

Mar 20, 2025
CVE-2024-13558
7.5 HIGH

The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due …

Mar 20, 2025
CVE-2025-1796
8.8 HIGH

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used …

Mar 20, 2025
CVE-2025-1473
7.1 HIGH

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a …

Mar 20, 2025
CVE-2025-1451
7.5 HIGH

A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length …

Mar 20, 2025
CVE-2025-1040
8.8 HIGH

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from …

Mar 20, 2025
CVE-2025-0628
8.1 HIGH

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided …

Mar 20, 2025
CVE-2025-0454
7.5 HIGH

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname …

Mar 20, 2025
CVE-2025-0453
7.5 HIGH

In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly …

Mar 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.