CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-54448
7.2 HIGH

The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or …

Mar 14, 2025
CVE-2025-29387
7.1 HIGH

In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Mar 14, 2025
CVE-2025-25871
8.0 HIGH

An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function

Mar 14, 2025
CVE-2023-45588
8.2 HIGH

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local …

Mar 14, 2025
CVE-2024-46662
8.8 HIGH

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 …

Mar 14, 2025
CVE-2023-52927
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove …

Mar 14, 2025
CVE-2025-2268
7.5 HIGH

The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via …

Mar 14, 2025
CVE-2025-27594
7.5 HIGH

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby …

Mar 14, 2025
CVE-2024-13773
7.3 HIGH

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and …

Mar 14, 2025
CVE-2024-12810
8.8 HIGH

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing …

Mar 14, 2025
CVE-2024-26006
7.5 HIGH

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below …

Mar 14, 2025
CVE-2024-8176
7.5 HIGH

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML …

Mar 14, 2025
CVE-2024-13321
7.5 HIGH

The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient …

Mar 14, 2025
CVE-2025-2221
7.5 HIGH

The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due …

Mar 14, 2025
CVE-2025-2103
8.8 HIGH

The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check …

Mar 14, 2025
CVE-2025-1764
7.5 HIGH

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. …

Mar 14, 2025
CVE-2025-0952
8.1 HIGH

The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial …

Mar 14, 2025
CVE-2024-13913
8.8 HIGH

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, …

Mar 14, 2025
CVE-2024-13376
8.8 HIGH

The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on …

Mar 14, 2025
CVE-2025-2056
7.5 HIGH

The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and …

Mar 14, 2025
CVE-2024-11283
7.5 HIGH

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function …

Mar 14, 2025
CVE-2025-24855
7.8 HIGH

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is …

Mar 14, 2025
CVE-2024-55549
7.8 HIGH

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

Mar 14, 2025
CVE-2025-2230
7.7 HIGH

A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.

Mar 13, 2025
CVE-2025-2229
7.7 HIGH

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.

Mar 13, 2025
CVE-2025-25598
8.8 HIGH

Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable …

Mar 13, 2025
CVE-2025-24053
7.2 HIGH

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

Mar 13, 2025
CVE-2025-2284
7.5 HIGH

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".

Mar 13, 2025
CVE-2025-2265
7.8 HIGH

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the …

Mar 13, 2025
CVE-2025-2264
7.5 HIGH

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk …

Mar 13, 2025
CVE-2025-1652
7.8 HIGH

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause …

Mar 13, 2025
CVE-2025-1651
7.8 HIGH

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause …

Mar 13, 2025
CVE-2025-1650
7.8 HIGH

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause …

Mar 13, 2025
CVE-2025-1649
7.8 HIGH

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause …

Mar 13, 2025
CVE-2025-1433
7.8 HIGH

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause …

Mar 13, 2025
CVE-2025-1432
7.8 HIGH

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a …

Mar 13, 2025
CVE-2025-1431
7.8 HIGH

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause …

Mar 13, 2025
CVE-2025-1430
7.8 HIGH

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute …

Mar 13, 2025
CVE-2025-1429
7.8 HIGH

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause …

Mar 13, 2025
CVE-2025-1428
7.8 HIGH

A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause …

Mar 13, 2025
CVE-2025-1427
7.8 HIGH

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause …

Mar 13, 2025
CVE-2024-53406
8.8 HIGH

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a …

Mar 13, 2025
CVE-2025-29363
7.5 HIGH

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of …

Mar 13, 2025
CVE-2025-29362
7.5 HIGH

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) …

Mar 13, 2025
CVE-2025-29361
7.5 HIGH

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) …

Mar 13, 2025
CVE-2025-29360
7.5 HIGH

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of …

Mar 13, 2025
CVE-2025-29359
7.5 HIGH

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) …

Mar 13, 2025
CVE-2025-29358
7.5 HIGH

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) …

Mar 13, 2025
CVE-2025-29357
7.5 HIGH

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of …

Mar 13, 2025
CVE-2025-2280
8.1 HIGH

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature.

Mar 13, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.