CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-53693
7.1 HIGH

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow …

Mar 7, 2025
CVE-2024-50394
8.8 HIGH

An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the …

Mar 7, 2025
CVE-2024-38638
7.2 HIGH

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained …

Mar 7, 2025
CVE-2025-2088
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System up to 1.0. Affected is an unknown function of the file …

Mar 7, 2025
CVE-2024-13668
7.1 HIGH

The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to …

Mar 7, 2025
CVE-2025-0959
8.8 HIGH

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up …

Mar 7, 2025
CVE-2024-9658
8.8 HIGH

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. …

Mar 7, 2025
CVE-2024-12036
7.5 HIGH

The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This …

Mar 7, 2025
CVE-2024-12035
8.8 HIGH

The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions …

Mar 7, 2025
CVE-2024-10804
7.5 HIGH

The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via …

Mar 7, 2025
CVE-2025-26331
7.8 HIGH

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local …

Mar 7, 2025
CVE-2025-1309
8.8 HIGH

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to …

Mar 7, 2025
CVE-2024-13906
7.2 HIGH

The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up …

Mar 7, 2025
CVE-2024-12837
7.8 HIGH

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.

Mar 7, 2025
CVE-2024-13655
8.1 HIGH

The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of …

Mar 7, 2025
CVE-2024-13320
7.5 HIGH

The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up …

Mar 7, 2025
CVE-2025-2067
7.3 HIGH

A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. …

Mar 7, 2025
CVE-2025-2066
7.3 HIGH

A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /updateAgent.php. …

Mar 7, 2025
CVE-2025-2065
7.3 HIGH

A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. …

Mar 7, 2025
CVE-2025-2064
7.3 HIGH

A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality …

Mar 7, 2025
CVE-2025-2063
7.3 HIGH

A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file …

Mar 7, 2025
CVE-2025-2062
7.3 HIGH

A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The …

Mar 7, 2025
CVE-2025-2060
7.3 HIGH

A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an unknown part of the file …

Mar 7, 2025
CVE-2025-2059
7.3 HIGH

A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …

Mar 7, 2025
CVE-2025-2058
7.3 HIGH

A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of …

Mar 7, 2025
CVE-2025-2057
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. …

Mar 7, 2025
CVE-2025-0749
8.1 HIGH

The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verification_id' value being …

Mar 7, 2025
CVE-2025-2050
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul User Registration & Login and User Management System 3.3. Affected by this vulnerability is an unknown …

Mar 7, 2025
CVE-2025-27598
7.5 HIGH

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using …

Mar 6, 2025
CVE-2025-2038
7.3 HIGH

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the …

Mar 6, 2025
CVE-2025-25497
8.1 HIGH

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier (fixed in v.8.2.7) allows unauthorized changes to the "Account Owner" field due to …

Mar 6, 2025
CVE-2025-26167
7.5 HIGH

Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files.

Mar 6, 2025
CVE-2025-25381
7.5 HIGH

Incorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.0 allows to view sensitive information such as usernames and passwords.

Mar 6, 2025
CVE-2024-50600
7.5 HIGH

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of …

Mar 6, 2025
CVE-2025-2034
7.3 HIGH

A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

Mar 6, 2025
CVE-2024-52924
7.5 HIGH

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, …

Mar 6, 2025
CVE-2024-52923
7.5 HIGH

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, …

Mar 6, 2025
CVE-2024-58083
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Explicitly verify the target vCPU is …

Mar 6, 2025
CVE-2024-51476
7.5 HIGH

IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Mar 6, 2025
CVE-2024-12742
7.8 HIGH

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker …

Mar 6, 2025
CVE-2024-58072
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused check_buddy_priv Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global list …

Mar 6, 2025
CVE-2024-58069
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read The nvmem interface supports variable …

Mar 6, 2025
CVE-2024-58060
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing There …

Mar 6, 2025
CVE-2024-58055
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Don't free command immediately Don't prematurely free the command. Wait for the …

Mar 6, 2025
CVE-2024-58054
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: staging: media: max96712: fix kernel oops when removing module The following kernel oops is thrown …

Mar 6, 2025
CVE-2025-2030
7.3 HIGH

A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform up to 20250224. It has been rated as critical. Affected by this issue …

Mar 6, 2025
CVE-2024-42844
8.1 HIGH

A SQL Injection vulnerability has been identified in EPICOR Prophet 21 (P21) up to 23.2.5232. This vulnerability allows authenticated remote attackers to execute arbitrary SQL …

Mar 6, 2025
CVE-2024-12146
7.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Finder Fire Safety Finder ERP/CRM (New System) allows SQL Injection.This issue …

Mar 6, 2025
CVE-2024-7872
7.6 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data.This issue affects Extreme XDS: before 3933.

Mar 6, 2025
CVE-2025-20931
7.3 HIGH

Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.

Mar 6, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.