CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-15272
8.8 HIGH

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. …

Dec 31, 2025
CVE-2025-15271
8.8 HIGH

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Dec 31, 2025
CVE-2025-15270
8.8 HIGH

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Dec 31, 2025
CVE-2025-15269
8.8 HIGH

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction …

Dec 31, 2025
CVE-2025-14783
4.3 MEDIUM

The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient …

Dec 31, 2025
CVE-2025-69277
4.5 MEDIUM

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is …

Dec 31, 2025
CVE-2025-68885
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS.This issue affects Custom Post Status: from n/a through <= 1.1.0.

Dec 31, 2025
CVE-2025-49354
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category recent-posts-from-each-category allows Stored XSS.This issue affects Recent Posts From Each Category: from …

Dec 31, 2025
CVE-2025-49353
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noindex by Path noindex-by-path allows Stored XSS.This issue affects Noindex by Path: from n/a through <= 1.0.

Dec 31, 2025
CVE-2025-49345
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives wp-easyarchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through <= 3.1.2.

Dec 31, 2025
CVE-2025-49344
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in reneade SensitiveTagCloud sensitive-tag-cloud allows Stored XSS.This issue affects SensitiveTagCloud: from n/a through <= 1.4.1.

Dec 31, 2025
CVE-2025-49343
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in socialprofilr Social Profilr social-profilr-display-social-network-profile allows Stored XSS.This issue affects Social Profilr: from n/a through <= 1.0.

Dec 31, 2025
CVE-2025-49342
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in merzedes Custom Style custom-style allows Stored XSS.This issue affects Custom Style: from n/a through <= 1.0.

Dec 31, 2025
CVE-2025-14434
5.3 MEDIUM

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upk_alex_grid_loadmore_posts without ensuring that posts to …

Dec 31, 2025
CVE-2025-13029
7.5 HIGH

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete …

Dec 31, 2025
CVE-2025-59137
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5.

Dec 31, 2025
CVE-2025-49346
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Stored XSS.This issue affects Simple Archive Generator: from n/a through <= 5.2.

Dec 31, 2025
CVE-2025-15375
6.3 MEDIUM

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist …

Dec 31, 2025
CVE-2025-15374
3.5 LOW

A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. …

Dec 31, 2025
CVE-2025-15373
6.3 MEDIUM

A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side …

Dec 31, 2025
CVE-2025-15372
2.4 LOW

A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice …

Dec 31, 2025
CVE-2025-15223
4.3 MEDIUM

A vulnerability was found in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. Impacted is an unknown function of the file /login.php. Performing manipulation of the argument Username …

Dec 31, 2025
CVE-2025-68131
7.5 HIGH

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a …

Dec 31, 2025
CVE-2025-15371
7.8 HIGH

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function …

Dec 31, 2025
CVE-2025-11964
1.9 LOW

On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, …

Dec 31, 2025
CVE-2025-11961
1.9 LOW

pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed …

Dec 31, 2025
CVE-2025-62753
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos masvideos allows PHP Local File Inclusion.This …

Dec 30, 2025
CVE-2025-59131
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in hoernerfranz WP-CalDav2ICS wp-caldav2ics allows Stored XSS.This issue affects WP-CalDav2ICS: from n/a through <= 1.3.4.

Dec 30, 2025
CVE-2025-15114
9.8 CRITICAL

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file …

Dec 30, 2025
CVE-2025-15113
9.3 CRITICAL

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. …

Dec 30, 2025
CVE-2025-15112
5.4 MEDIUM

Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. …

Dec 30, 2025
CVE-2025-15111
9.8 CRITICAL

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak …

Dec 30, 2025
CVE-2024-58338
10.0 CRITICAL

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit …

Dec 30, 2025
CVE-2024-58337
4.3 MEDIUM

Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can …

Dec 30, 2025
CVE-2024-58336
5.3 MEDIUM

Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. …

Dec 30, 2025
CVE-2024-58315
7.8 HIGH

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can …

Dec 30, 2025
CVE-2023-54327
9.8 CRITICAL

Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit …

Dec 30, 2025
CVE-2023-54163
7.5 HIGH

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL …

Dec 30, 2025
CVE-2023-53983
9.8 CRITICAL

Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to …

Dec 30, 2025
CVE-2022-50804
8.8 HIGH

JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to cross-site request forgery (CSRF) attacks, allowing attackers to perform administrative actions on behalf of authenticated users without …

Dec 30, 2025
CVE-2022-50803
9.8 CRITICAL

JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.

Dec 30, 2025
CVE-2022-50802
6.1 MEDIUM

ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers …

Dec 30, 2025
CVE-2022-50801
4.3 MEDIUM

JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will …

Dec 30, 2025
CVE-2022-50800
7.5 HIGH

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames …

Dec 30, 2025
CVE-2022-50799
7.5 HIGH

Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can …

Dec 30, 2025
CVE-2022-50798

Rejected reason: This candidate is a duplicate of CVE-2017-11359.

Dec 30, 2025
CVE-2022-50796
9.8 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script …

Dec 30, 2025
CVE-2022-50795
7.8 HIGH

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can …

Dec 30, 2025
CVE-2022-50794
9.8 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting …

Dec 30, 2025
CVE-2022-50793
8.8 HIGH

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. …

Dec 30, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.