CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-2277
7.5 HIGH

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to …

Mar 13, 2025
CVE-2024-10942
7.5 HIGH

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization …

Mar 13, 2025
CVE-2025-25175
7.8 HIGH

A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a …

Mar 13, 2025
CVE-2025-2271
7.7 HIGH

A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct …

Mar 13, 2025
CVE-2025-1119
7.3 HIGH

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and …

Mar 13, 2025
CVE-2025-1487
7.1 HIGH

The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site …

Mar 13, 2025
CVE-2025-1486
7.1 HIGH

The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site …

Mar 13, 2025
CVE-2025-1436
7.1 HIGH

The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which …

Mar 13, 2025
CVE-2025-1401
7.1 HIGH

The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

Mar 13, 2025
CVE-2024-13891
7.1 HIGH

The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site …

Mar 13, 2025
CVE-2024-13885
7.1 HIGH

The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

Mar 13, 2025
CVE-2024-13884
7.1 HIGH

The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected …

Mar 13, 2025
CVE-2025-1561
7.2 HIGH

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and …

Mar 13, 2025
CVE-2025-2107
7.5 HIGH

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the printResultAndDie() function in all versions up to, and including, …

Mar 13, 2025
CVE-2025-2106
7.5 HIGH

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text' and 'id' parameters of the limpia() function in all versions up to, …

Mar 13, 2025
CVE-2025-25293
7.5 HIGH

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of …

Mar 12, 2025
CVE-2025-25975
7.5 HIGH

An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function

Mar 12, 2025
CVE-2025-0118
8.0 HIGH

A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated …

Mar 12, 2025
CVE-2025-0114
7.5 HIGH

A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable …

Mar 12, 2025
CVE-2025-26260
8.8 HIGH

Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The …

Mar 12, 2025
CVE-2025-25711
8.8 HIGH

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint

Mar 12, 2025
CVE-2025-20209
7.5 HIGH

A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an …

Mar 12, 2025
CVE-2025-20146
8.6 HIGH

A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance …

Mar 12, 2025
CVE-2025-20142
8.6 HIGH

A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR …

Mar 12, 2025
CVE-2025-20141
7.4 HIGH

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release …

Mar 12, 2025
CVE-2025-20138
8.8 HIGH

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying …

Mar 12, 2025
CVE-2025-20115
8.6 HIGH

A vulnerability in confederation implementation for the Border Gateway Protocol (BGP)&nbsp;in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial …

Mar 12, 2025
CVE-2025-1683
7.8 HIGH

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged …

Mar 12, 2025
CVE-2025-2240
7.5 HIGH

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. …

Mar 12, 2025
CVE-2025-27788
7.5 HIGH

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of …

Mar 12, 2025
CVE-2025-25709
7.5 HIGH

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints

Mar 12, 2025
CVE-2024-13872
7.5 HIGH

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules …

Mar 12, 2025
CVE-2024-13871
8.8 HIGH

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to …

Mar 12, 2025
CVE-2025-21863
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it …

Mar 12, 2025
CVE-2025-21858
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0] without repro. geneve_configure() …

Mar 12, 2025
CVE-2025-21856
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to device_release() in /drivers/base/core.c, a device without …

Mar 12, 2025
CVE-2025-21855
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer …

Mar 12, 2025
CVE-2024-58087
8.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within …

Mar 12, 2025
CVE-2025-2219
7.3 HIGH

A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The …

Mar 12, 2025
CVE-2025-2233
8.8 HIGH

Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication …

Mar 11, 2025
CVE-2025-1707
8.8 HIGH

The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes …

Mar 11, 2025
CVE-2025-2023
7.8 HIGH

Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …

Mar 11, 2025
CVE-2025-2022
7.8 HIGH

Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …

Mar 11, 2025
CVE-2025-2021
7.8 HIGH

Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …

Mar 11, 2025
CVE-2025-2020
7.8 HIGH

Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …

Mar 11, 2025
CVE-2025-2019
7.8 HIGH

Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Mar 11, 2025
CVE-2025-2018
7.8 HIGH

Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …

Mar 11, 2025
CVE-2025-2017
7.8 HIGH

Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …

Mar 11, 2025
CVE-2025-2016
7.8 HIGH

Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …

Mar 11, 2025
CVE-2025-2015
7.8 HIGH

Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …

Mar 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.