CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-24043
7.5 HIGH

Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.

Mar 11, 2025
CVE-2025-24035
8.1 HIGH

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

Mar 11, 2025
CVE-2025-21180
7.8 HIGH

Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.

Mar 11, 2025
CVE-2025-21169
7.8 HIGH

Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Mar 11, 2025
CVE-2024-9157
7.8 HIGH

** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a …

Mar 11, 2025
CVE-2025-27617
8.8 HIGH

Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a …

Mar 11, 2025
CVE-2025-25680
7.7 HIGH

LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary …

Mar 11, 2025
CVE-2025-22454
7.8 HIGH

Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

Mar 11, 2025
CVE-2024-55590
8.8 HIGH

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an …

Mar 11, 2025
CVE-2024-54018
7.2 HIGH

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands …

Mar 11, 2025
CVE-2024-52961
8.8 HIGH

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through …

Mar 11, 2025
CVE-2024-51321
7.6 HIGH

In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after …

Mar 11, 2025
CVE-2024-51319
7.3 HIGH

A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading …

Mar 11, 2025
CVE-2024-45328
7.8 HIGH

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console …

Mar 11, 2025
CVE-2024-45324
7.2 HIGH

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, …

Mar 11, 2025
CVE-2023-48790
7.5 HIGH

A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a …

Mar 11, 2025
CVE-2023-40723
8.1 HIGH

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and …

Mar 11, 2025
CVE-2023-37933
8.8 HIGH

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows …

Mar 11, 2025
CVE-2025-27363
8.1 HIGH KEV

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph …

Mar 11, 2025
CVE-2024-54084
7.5 HIGH

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability …

Mar 11, 2025
CVE-2025-27493
8.2 HIGH

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize …

Mar 11, 2025
CVE-2025-27438
7.8 HIGH

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions …

Mar 11, 2025
CVE-2025-27396
8.8 HIGH

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to …

Mar 11, 2025
CVE-2025-27395
7.2 HIGH

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through …

Mar 11, 2025
CVE-2025-27394
7.2 HIGH

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP …

Mar 11, 2025
CVE-2025-27393
7.2 HIGH

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. …

Mar 11, 2025
CVE-2025-27392
7.2 HIGH

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN …

Mar 11, 2025
CVE-2025-23402
7.8 HIGH

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions …

Mar 11, 2025
CVE-2025-23401
7.8 HIGH

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions …

Mar 11, 2025
CVE-2025-23400
7.8 HIGH

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions …

Mar 11, 2025
CVE-2025-23399
7.8 HIGH

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions …

Mar 11, 2025
CVE-2025-23398
7.8 HIGH

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions …

Mar 11, 2025
CVE-2025-23397
7.8 HIGH

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions …

Mar 11, 2025
CVE-2025-23396
7.8 HIGH

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions …

Mar 11, 2025
CVE-2024-56182
8.2 HIGH

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions …

Mar 11, 2025
CVE-2024-56181
8.2 HIGH

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < …

Mar 11, 2025
CVE-2025-2177
7.3 HIGH

A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of …

Mar 11, 2025
CVE-2025-2176
7.3 HIGH

A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads …

Mar 11, 2025
CVE-2025-27912
8.8 HIGH

An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is …

Mar 11, 2025
CVE-2025-2190
8.1 HIGH

The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.

Mar 11, 2025
CVE-2024-13864
7.1 HIGH

The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected …

Mar 11, 2025
CVE-2024-13862
7.1 HIGH

The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading …

Mar 11, 2025
CVE-2024-13836
7.1 HIGH

The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

Mar 11, 2025
CVE-2024-13574
7.1 HIGH

The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

Mar 11, 2025
CVE-2025-2169
7.3 HIGH

The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. …

Mar 11, 2025
CVE-2024-12010
7.2 HIGH

A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator …

Mar 11, 2025
CVE-2024-12009
7.2 HIGH

A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator …

Mar 11, 2025
CVE-2024-11253
7.2 HIGH

A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an …

Mar 11, 2025
CVE-2025-27434
8.8 HIGH

Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged …

Mar 11, 2025
CVE-2025-26661
8.8 HIGH

Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation …

Mar 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.