CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-10275
7.3 HIGH

In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of …

Mar 20, 2025
CVE-2024-10272
7.5 HIGH

lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can view the content of any dataset without any kind of authorization …

Mar 20, 2025
CVE-2024-10267
7.5 HIGH

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting …

Mar 20, 2025
CVE-2024-10252
7.2 HIGH

A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to …

Mar 20, 2025
CVE-2024-10225
7.5 HIGH

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end …

Mar 20, 2025
CVE-2024-10188
7.5 HIGH

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to …

Mar 20, 2025
CVE-2024-10110
7.5 HIGH

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main …

Mar 20, 2025
CVE-2024-10109
8.3 HIGH

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them …

Mar 20, 2025
CVE-2024-10051
7.5 HIGH

Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service (DoS) attack. The vulnerability exists in the file upload request handling, where appending characters, …

Mar 20, 2025
CVE-2025-22228
7.4 HIGH

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

Mar 20, 2025
CVE-2025-1770
8.8 HIGH

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, …

Mar 20, 2025
CVE-2024-13881
7.1 HIGH

The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

Mar 20, 2025
CVE-2024-13880
7.1 HIGH

The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected …

Mar 20, 2025
CVE-2024-13878
7.1 HIGH

The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site …

Mar 20, 2025
CVE-2024-13877
7.1 HIGH

The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to …

Mar 20, 2025
CVE-2024-13876
7.1 HIGH

The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site …

Mar 20, 2025
CVE-2024-13875
7.1 HIGH

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site …

Mar 20, 2025
CVE-2025-27787
7.5 HIGH

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service (DoS) in restart.py. `model_name` in train.py takes user input, …

Mar 19, 2025
CVE-2025-27785
7.5 HIGH

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_index` function. This issue may lead to …

Mar 19, 2025
CVE-2025-27784
7.5 HIGH

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_pth` function. This issue may lead to …

Mar 19, 2025
CVE-2025-27777
7.5 HIGH

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in `model_download.py` (line 195 in 3.2.7). The blind …

Mar 19, 2025
CVE-2025-2476
8.8 HIGH

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Mar 19, 2025
CVE-2025-27415
7.5 HIGH

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it …

Mar 19, 2025
CVE-2024-51459
8.4 HIGH

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.

Mar 19, 2025
CVE-2025-29924
7.5 HIGH

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for an user to get access to private information through …

Mar 19, 2025
CVE-2025-30154
8.6 HIGH KEV

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps …

Mar 19, 2025
CVE-2025-30153
7.5 HIGH

kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows …

Mar 19, 2025
CVE-2024-55551
8.3 HIGH

An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the …

Mar 19, 2025
CVE-2024-13933
8.8 HIGH

The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. …

Mar 19, 2025
CVE-2024-12920
8.8 HIGH

The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a …

Mar 19, 2025
CVE-2024-12137
7.6 HIGH

Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: before V.01.01.

Mar 19, 2025
CVE-2024-13412
7.5 HIGH

The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions …

Mar 19, 2025
CVE-2025-30236
8.6 HIGH

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a …

Mar 19, 2025
CVE-2025-1232
8.8 HIGH

The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform …

Mar 19, 2025
CVE-2024-50631
7.5 HIGH

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, …

Mar 19, 2025
CVE-2024-50630
7.5 HIGH

Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain …

Mar 19, 2025
CVE-2025-30234
8.3 HIGH

SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image …

Mar 19, 2025
CVE-2024-12295
8.8 HIGH

The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is …

Mar 19, 2025
CVE-2024-10444
7.5 HIGH

Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication …

Mar 19, 2025
CVE-2025-30140
7.5 HIGH

An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered …

Mar 18, 2025
CVE-2024-12563
8.8 HIGH

The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. This …

Mar 18, 2025
CVE-2025-30142
8.1 HIGH

An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism …

Mar 18, 2025
CVE-2025-30141
7.5 HIGH

An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints …

Mar 18, 2025
CVE-2025-29907
7.5 HIGH

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU …

Mar 18, 2025
CVE-2025-24801
8.5 HIGH

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the …

Mar 18, 2025
CVE-2025-24799
7.5 HIGH

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is …

Mar 18, 2025
CVE-2025-26137
7.5 HIGH

Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by …

Mar 18, 2025
CVE-2025-27688
7.8 HIGH

Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation …

Mar 18, 2025
CVE-2025-25589
8.1 HIGH

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted …

Mar 18, 2025
CVE-2025-30117
7.3 HIGH

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can …

Mar 18, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.