CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-1400
3.1 LOW

Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.

May 7, 2025
CVE-2025-1399
3.1 LOW

Out-of-bounds Read vulnerability in unpack_response (session.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.

May 7, 2025
CVE-2025-23379
3.5 LOW

Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker …

May 6, 2025
CVE-2025-22479
3.5 LOW

Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated …

May 6, 2025
CVE-2025-46814
3.4 LOW

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability …

May 6, 2025
CVE-2025-27248
3.3 LOW

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

May 6, 2025
CVE-2025-27241
3.3 LOW

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

May 6, 2025
CVE-2025-27132
3.8 LOW

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only …

May 6, 2025
CVE-2025-25218
3.3 LOW

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

May 6, 2025
CVE-2025-25052
3.3 LOW

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.

May 6, 2025
CVE-2025-22886
3.3 LOW

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

May 6, 2025
CVE-2025-4328
3.5 LOW

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of …

May 6, 2025
CVE-2025-4326
2.4 LOW

A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /admin/chip/add.do of the component Add …

May 6, 2025
CVE-2025-4325
2.4 LOW

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category …

May 6, 2025
CVE-2025-4324
2.4 LOW

A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External …

May 6, 2025
CVE-2025-4323
2.4 LOW

A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit …

May 6, 2025
CVE-2025-4293
2.4 LOW

A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the …

May 5, 2025
CVE-2025-4292
2.4 LOW

A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/user/edit.do of …

May 5, 2025
CVE-2025-4287
3.3 LOW

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. …

May 5, 2025
CVE-2025-4286
2.7 LOW

A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos …

May 5, 2025
CVE-2025-46720
3.1 LOW

Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding …

May 5, 2025
CVE-2025-4257
3.5 LOW

A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation …

May 5, 2025
CVE-2025-4256
3.5 LOW

A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus …

May 5, 2025
CVE-2025-47229
2.9 LOW

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such …

May 3, 2025
CVE-2025-4215
3.1 LOW

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file …

May 2, 2025
CVE-2024-58253
2.9 LOW

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces …

May 2, 2025
CVE-2025-3514
3.5 LOW

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin …

May 2, 2025
CVE-2025-3513
3.5 LOW

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin …

May 2, 2025
CVE-2023-37517
3.2 LOW

Missing "no cache" headers in HCL Leap permits sensitive data to be cached.

Apr 30, 2025
CVE-2024-47784
2.6 LOW

Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web …

Apr 30, 2025
CVE-2025-32972
2.7 LOW

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, …

Apr 30, 2025
CVE-2025-32971
3.8 LOW

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, …

Apr 30, 2025
CVE-2025-46350
3.5 LOW

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from …

Apr 29, 2025
CVE-2024-12273
3.5 LOW

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as …

Apr 29, 2025
CVE-2025-46330
3.3 LOW

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code …

Apr 29, 2025
CVE-2025-46329
3.3 LOW

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging …

Apr 29, 2025
CVE-2025-46328
3.3 LOW

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When …

Apr 28, 2025
CVE-2025-46327
3.3 LOW

gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using …

Apr 28, 2025
CVE-2025-46326
3.3 LOW

snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When …

Apr 28, 2025
CVE-2025-0049
3.5 LOW

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server …

Apr 28, 2025
CVE-2025-46614
3.3 LOW

In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive …

Apr 28, 2025
CVE-2023-35816
3.5 LOW

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.

Apr 28, 2025
CVE-2023-35815
3.5 LOW

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.

Apr 28, 2025
CVE-2023-35814
3.5 LOW

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.

Apr 28, 2025
CVE-2025-23376
2.3 LOW

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged …

Apr 28, 2025
CVE-2025-4012
2.7 LOW

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create …

Apr 28, 2025
CVE-2025-4011
3.5 LOW

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation …

Apr 28, 2025
CVE-2025-32471
3.7 LOW

The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.

Apr 28, 2025
CVE-2025-0627
3.5 LOW

The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high …

Apr 28, 2025
CVE-2024-9771
3.5 LOW

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to …

Apr 28, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.