CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-1828
8.8 HIGH

Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and …

Mar 11, 2025
CVE-2025-27925
8.5 HIGH

Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.

Mar 10, 2025
CVE-2025-27610
7.5 HIGH

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` …

Mar 10, 2025
CVE-2025-27910
8.0 HIGH

tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a …

Mar 10, 2025
CVE-2025-25907
8.8 HIGH

tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a …

Mar 10, 2025
CVE-2025-2137
8.8 HIGH

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a …

Mar 10, 2025
CVE-2025-2136
8.8 HIGH

Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Mar 10, 2025
CVE-2025-2135
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Mar 10, 2025
CVE-2025-1920
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Mar 10, 2025
CVE-2024-56192
7.8 HIGH

In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …

Mar 10, 2025
CVE-2024-56191
8.4 HIGH

In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional …

Mar 10, 2025
CVE-2025-27913
7.5 HIGH

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with …

Mar 10, 2025
CVE-2022-43454
7.8 HIGH

A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, …

Mar 10, 2025
CVE-2025-27616
8.5 HIGH

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook …

Mar 10, 2025
CVE-2025-27615
8.2 HIGH

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with …

Mar 10, 2025
CVE-2025-26696
7.0 HIGH

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being …

Mar 10, 2025
CVE-2025-22603
8.1 HIGH

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains …

Mar 10, 2025
CVE-2024-54546
7.5 HIGH

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system …

Mar 10, 2025
CVE-2024-44227
7.5 HIGH

The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be …

Mar 10, 2025
CVE-2025-25382
7.5 HIGH

An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request.

Mar 10, 2025
CVE-2025-26933
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows …

Mar 10, 2025
CVE-2025-26910
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS.This issue affects WPBookit: from n/a through <= 1.0.1.

Mar 10, 2025
CVE-2025-25614
8.8 HIGH

Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.

Mar 10, 2025
CVE-2024-13919
8.0 HIGH

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode …

Mar 10, 2025
CVE-2024-13918
8.0 HIGH

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode …

Mar 10, 2025
CVE-2025-27256
8.3 HIGH

Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the …

Mar 10, 2025
CVE-2025-27255
8.0 HIGH

Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable …

Mar 10, 2025
CVE-2025-27254
8.0 HIGH

CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry …

Mar 10, 2025
CVE-2024-11638
8.8 HIGH

The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated …

Mar 10, 2025
CVE-2024-43107
7.2 HIGH

Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue …

Mar 10, 2025
CVE-2024-41724
8.7 HIGH

Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of …

Mar 10, 2025
CVE-2025-2118
7.3 HIGH

A vulnerability was found in Quantico Tecnologia PRMV 6.48. It has been classified as critical. This affects an unknown part of the file /admin/login.php of …

Mar 9, 2025
CVE-2025-2113
7.3 HIGH

A vulnerability was found in AT Software Solutions ATSVD up to 3.4.1. It has been rated as critical. Affected by this issue is some unknown …

Mar 9, 2025
CVE-2024-11640
8.8 HIGH

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is …

Mar 8, 2025
CVE-2025-1323
7.5 HIGH

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, …

Mar 8, 2025
CVE-2024-13359
8.1 HIGH

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function …

Mar 8, 2025
CVE-2024-13882
8.8 HIGH

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file …

Mar 8, 2025
CVE-2024-13908
7.2 HIGH

The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all …

Mar 8, 2025
CVE-2024-11087
8.1 HIGH

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, …

Mar 8, 2025
CVE-2024-13890
7.2 HIGH

The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to …

Mar 8, 2025
CVE-2024-13835
7.2 HIGH

The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.4. This is due …

Mar 8, 2025
CVE-2025-2097
8.8 HIGH

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The …

Mar 7, 2025
CVE-2025-27822
7.5 HIGH

An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module …

Mar 7, 2025
CVE-2025-2024
7.8 HIGH

Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble …

Mar 7, 2025
CVE-2025-27607
8.8 HIGH

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE …

Mar 7, 2025
CVE-2025-27604
7.5 HIGH

XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest …

Mar 7, 2025
CVE-2025-0162
7.1 HIGH

IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker …

Mar 7, 2025
CVE-2024-53700
7.2 HIGH

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute …

Mar 7, 2025
CVE-2024-53699
7.2 HIGH

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained …

Mar 7, 2025
CVE-2024-53697
7.2 HIGH

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained …

Mar 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.