CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-2014
7.8 HIGH

Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Mar 11, 2025
CVE-2025-2013
7.8 HIGH

Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. …

Mar 11, 2025
CVE-2025-2012
7.8 HIGH

Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …

Mar 11, 2025
CVE-2025-28933
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B maxab allows Stored XSS.This issue affects MaxA/B: from n/a through <= 2.2.2.

Mar 11, 2025
CVE-2025-28932
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through <= 2.4.

Mar 11, 2025
CVE-2025-28931
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags wp-hashtags allows Stored XSS.This issue affects Hashtags: from n/a through <= 0.3.2.

Mar 11, 2025
CVE-2025-28925
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification wati-chat-and-notification allows Stored XSS.This issue affects WATI Chat and Notification: from n/a through …

Mar 11, 2025
CVE-2025-28923
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email no-disposable-email allows Stored XSS.This issue affects No Disposable Email: from n/a through <= 2.5.1.

Mar 11, 2025
CVE-2025-28922
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top go-to-top allows Stored XSS.This issue affects Go To Top: from n/a through <= 0.0.8.

Mar 11, 2025
CVE-2025-28905
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: …

Mar 11, 2025
CVE-2025-28901
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users members-page-only-for-logged-in-users allows Stored XSS.This issue affects Members page only for logged …

Mar 11, 2025
CVE-2025-28900
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro tabgarb allows Stored XSS.This issue affects TabGarb Pro: from n/a through <= 2.6.

Mar 11, 2025
CVE-2025-28897
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme domain-theme allows Stored XSS.This issue affects Domain Theme: from n/a through <= 1.3.

Mar 11, 2025
CVE-2025-28895
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suman Biswas Custom top bar custom-top-bar allows Stored XSS.This issue affects Custom top …

Mar 11, 2025
CVE-2025-28894
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress list-posts-by-category allows Stored XSS.This issue affects List of Posts …

Mar 11, 2025
CVE-2025-28892
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync ftp-sync allows Stored XSS.This issue affects FTP Sync: from n/a through <= 1.1.6.

Mar 11, 2025
CVE-2025-28891
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc price-calc allows Stored XSS.This issue affects price-calc: from n/a through <= 0.6.3.

Mar 11, 2025
CVE-2025-28883
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables wp-compare-tables allows Stored XSS.This issue affects WP Compare Tables: from n/a through <= 1.0.5.

Mar 11, 2025
CVE-2025-28861
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through <= …

Mar 11, 2025
CVE-2025-28860
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator google-news-editors-picks-news-feeds allows Stored XSS.This issue affects Google News Editors Picks Feed Generator: …

Mar 11, 2025
CVE-2025-28857
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration rankchecker-io-integration allows Stored XSS.This issue affects Rankchecker.io Integration: from n/a through <= 1.0.9.

Mar 11, 2025
CVE-2025-27181
7.8 HIGH

Substance3D - Modeler versions 1.15.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Mar 11, 2025
CVE-2025-27173
7.8 HIGH

Substance3D - Modeler versions 1.15.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Mar 11, 2025
CVE-2025-25928
8.0 HIGH

A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In …

Mar 11, 2025
CVE-2025-23360
7.1 HIGH

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this …

Mar 11, 2025
CVE-2025-23242
7.3 HIGH

NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation …

Mar 11, 2025
CVE-2025-27773
8.6 HIGH

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in …

Mar 11, 2025
CVE-2025-27440
8.5 HIGH

Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Mar 11, 2025
CVE-2025-27439
8.5 HIGH

Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

Mar 11, 2025
CVE-2025-27178
7.8 HIGH

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Mar 11, 2025
CVE-2025-27177
7.8 HIGH

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Mar 11, 2025
CVE-2025-27175
7.8 HIGH

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Mar 11, 2025
CVE-2025-27174
7.8 HIGH

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the …

Mar 11, 2025
CVE-2025-27171
7.8 HIGH

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Mar 11, 2025
CVE-2025-27169
7.8 HIGH

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …

Mar 11, 2025
CVE-2025-27168
7.8 HIGH

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Mar 11, 2025
CVE-2025-27167
7.8 HIGH

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized …

Mar 11, 2025
CVE-2025-27166
7.8 HIGH

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Mar 11, 2025
CVE-2025-27162
7.8 HIGH

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in …

Mar 11, 2025
CVE-2025-27161
7.8 HIGH

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a …

Mar 11, 2025
CVE-2025-27160
7.8 HIGH

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the …

Mar 11, 2025
CVE-2025-27159
7.8 HIGH

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the …

Mar 11, 2025
CVE-2025-27158
7.8 HIGH

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in …

Mar 11, 2025
CVE-2025-25749
7.1 HIGH

An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.

Mar 11, 2025
CVE-2025-25748
7.3 HIGH

A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users …

Mar 11, 2025
CVE-2025-24453
7.8 HIGH

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Mar 11, 2025
CVE-2025-24452
7.8 HIGH

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Mar 11, 2025
CVE-2025-24451
7.8 HIGH

Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Mar 11, 2025
CVE-2025-24450
7.8 HIGH

Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Mar 11, 2025
CVE-2025-24445
7.8 HIGH

Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Mar 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.