CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-30116
7.5 HIGH

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. …

Mar 18, 2025
CVE-2025-30111
7.5 HIGH

On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained …

Mar 18, 2025
CVE-2025-30107
7.5 HIGH

On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the …

Mar 18, 2025
CVE-2025-25585
7.3 HIGH

Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.

Mar 18, 2025
CVE-2024-44313
8.1 HIGH

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to …

Mar 18, 2025
CVE-2025-30106
8.8 HIGH

On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. This allows an attacker within Wi-Fi range …

Mar 18, 2025
CVE-2025-2450
8.8 HIGH

NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Mar 18, 2025
CVE-2025-2449
8.8 HIGH

NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of …

Mar 18, 2025
CVE-2025-25500
7.5 HIGH

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows …

Mar 18, 2025
CVE-2024-21760
8.4 HIGH

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 …

Mar 18, 2025
CVE-2025-2493
7.5 HIGH

Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to …

Mar 18, 2025
CVE-2025-1468
7.5 HIGH

An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.

Mar 18, 2025
CVE-2024-23942
7.1 HIGH

A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or …

Mar 18, 2025
CVE-2025-25220
8.8 HIGH

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. If this vulnerability …

Mar 18, 2025
CVE-2025-24306
7.2 HIGH

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. If this vulnerability …

Mar 18, 2025
CVE-2025-0755
8.4 HIGH

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final …

Mar 18, 2025
CVE-2025-2262
7.3 HIGH

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in …

Mar 18, 2025
CVE-2025-2473
7.3 HIGH

A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the …

Mar 18, 2025
CVE-2025-2472
7.3 HIGH

A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of …

Mar 18, 2025
CVE-2025-2398
7.2 HIGH

A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects …

Mar 17, 2025
CVE-2025-29910
7.5 HIGH

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the …

Mar 17, 2025
CVE-2025-2391
7.3 HIGH

A vulnerability classified as critical was found in code-projects Blood Bank Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_login.php of the …

Mar 17, 2025
CVE-2024-54525
8.8 HIGH

A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS …

Mar 17, 2025
CVE-2024-44276
7.3 HIGH

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user …

Mar 17, 2025
CVE-2025-2388
7.3 HIGH

A vulnerability was found in Keytop 路内停车收费系统 2.7.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file …

Mar 17, 2025
CVE-2025-2387
7.3 HIGH

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file …

Mar 17, 2025
CVE-2025-26125
7.3 HIGH

An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges.

Mar 17, 2025
CVE-2025-22473
7.8 HIGH

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low …

Mar 17, 2025
CVE-2025-22472
7.8 HIGH

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low …

Mar 17, 2025
CVE-2024-49561
7.8 HIGH

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit …

Mar 17, 2025
CVE-2024-49559
8.8 HIGH

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. A low privileged attacker with remote access could potentially …

Mar 17, 2025
CVE-2024-48831
8.4 HIGH

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading …

Mar 17, 2025
CVE-2025-2386
7.3 HIGH

A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical. This issue affects some unknown processing of the …

Mar 17, 2025
CVE-2025-2385
7.3 HIGH

A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation …

Mar 17, 2025
CVE-2025-2241
8.2 HIGH

A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed …

Mar 17, 2025
CVE-2025-25685
7.5 HIGH

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic …

Mar 17, 2025
CVE-2025-25684
7.5 HIGH

A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file …

Mar 17, 2025
CVE-2024-48830
7.8 HIGH

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low …

Mar 17, 2025
CVE-2024-48013
8.8 HIGH

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially …

Mar 17, 2025
CVE-2025-2383
7.3 HIGH

A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality …

Mar 17, 2025
CVE-2025-2382
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file …

Mar 17, 2025
CVE-2025-2381
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul Curfew e-Pass Management System 1.0. Affected is an unknown function of the file /admin/search-pass.php. The …

Mar 17, 2025
CVE-2025-25612
7.1 HIGH

FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An …

Mar 17, 2025
CVE-2025-2380
7.3 HIGH

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the …

Mar 17, 2025
CVE-2025-2379
7.3 HIGH

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file …

Mar 17, 2025
CVE-2025-29786
7.5 HIGH

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, …

Mar 17, 2025
CVE-2025-0833
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker …

Mar 17, 2025
CVE-2025-0832
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker …

Mar 17, 2025
CVE-2025-0830
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to …

Mar 17, 2025
CVE-2025-0829
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker …

Mar 17, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.