CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-20929
7.3 HIGH

Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.

Mar 6, 2025
CVE-2025-20903
7.3 HIGH

Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this …

Mar 6, 2025
CVE-2025-24864
7.8 HIGH

Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative …

Mar 6, 2025
CVE-2025-22447
7.8 HIGH

Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative …

Mar 6, 2025
CVE-2025-27508
7.5 HIGH

Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms …

Mar 5, 2025
CVE-2025-27516
8.8 HIGH

Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker …

Mar 5, 2025
CVE-2024-57174
8.1 HIGH

A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed …

Mar 5, 2025
CVE-2024-51144
8.8 HIGH

Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', pvmsg.php?action=confirm_delete , and ajax.server.php?page=user&action=flip_follow endpoints in Ampache <= 6.6.0.

Mar 5, 2025
CVE-2025-2003
7.1 HIGH

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission.

Mar 5, 2025
CVE-2025-27513
7.5 HIGH

OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate …

Mar 5, 2025
CVE-2024-31525
7.2 HIGH

Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete …

Mar 5, 2025
CVE-2024-53458
7.5 HIGH

Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) condition when processing specially crafted SSH packets.

Mar 5, 2025
CVE-2025-20206
7.1 HIGH

A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking …

Mar 5, 2025
CVE-2025-24494
7.2 HIGH

Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). In combination with the …

Mar 5, 2025
CVE-2024-11216
7.6 HIGH

Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking.This issue …

Mar 5, 2025
CVE-2025-1702
7.5 HIGH

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via …

Mar 5, 2025
CVE-2024-13471
7.5 HIGH

The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in …

Mar 5, 2025
CVE-2025-0956
8.1 HIGH

The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 24.4.0 via deserialization of …

Mar 5, 2025
CVE-2024-13777
8.1 HIGH

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, …

Mar 5, 2025
CVE-2024-13232
8.8 HIGH

The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable arbitrary SQL Execution and privilege escalation due …

Mar 5, 2025
CVE-2025-27685
7.5 HIGH

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001.

Mar 5, 2025
CVE-2025-27684
7.5 HIGH

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Debug Bundle Contains Sensitive Data V-2022-003.

Mar 5, 2025
CVE-2025-27683
8.8 HIGH

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Driver Unrestricted Upload of File with Dangerous Type V-2022-006.

Mar 5, 2025
CVE-2025-27669
7.5 HIGH

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Network Scanning (XSPA)/DoS OVE-20230524-0013.

Mar 5, 2025
CVE-2025-27664
8.8 HIGH

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient CSRF Protection OVE-20230524-0008.

Mar 5, 2025
CVE-2025-27644
7.8 HIGH

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007.

Mar 5, 2025
CVE-2025-27639
8.8 HIGH

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Privilege Escalation V-2024-015.

Mar 5, 2025
CVE-2025-1919
8.8 HIGH

Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via …

Mar 5, 2025
CVE-2025-1918
8.8 HIGH

Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via …

Mar 5, 2025
CVE-2025-1916
8.8 HIGH

Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially …

Mar 5, 2025
CVE-2025-1915
8.1 HIGH

Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a …

Mar 5, 2025
CVE-2025-1914
8.8 HIGH

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a …

Mar 5, 2025
CVE-2025-1966
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. …

Mar 5, 2025
CVE-2024-0114
8.1 HIGH

NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the …

Mar 5, 2025
CVE-2025-1965
7.3 HIGH

A vulnerability classified as critical has been found in projectworlds Online Hotel Booking 1.0. Affected is an unknown function of the file /admin/login.php. The manipulation …

Mar 5, 2025
CVE-2025-1964
7.3 HIGH

A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

Mar 5, 2025
CVE-2025-1963
7.3 HIGH

A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /reservation.php. …

Mar 5, 2025
CVE-2025-1962
7.3 HIGH

A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been classified as critical. This affects an unknown part of the file /admin/addroom.php. …

Mar 5, 2025
CVE-2025-1959
7.3 HIGH

A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Affected is an unknown function of the file /change_s_pwd.php. The …

Mar 4, 2025
CVE-2025-25426
7.2 HIGH

yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.

Mar 4, 2025
CVE-2025-1956
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Shopping Portal 1.0. This affects an unknown part of the file /Shopping/Admin/index.php of the component …

Mar 4, 2025
CVE-2025-1954
7.3 HIGH

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown …

Mar 4, 2025
CVE-2021-41719
7.5 HIGH

Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using the GET method to process requests that contain sensitive …

Mar 4, 2025
CVE-2020-23438
7.8 HIGH

Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation.

Mar 4, 2025
CVE-2025-1259
7.7 HIGH

On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result …

Mar 4, 2025
CVE-2025-1080
7.8 HIGH

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In …

Mar 4, 2025
CVE-2025-1952
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/password-recovery.php. …

Mar 4, 2025
CVE-2024-41147
7.7 HIGH

An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker …

Mar 4, 2025
CVE-2024-10930
7.8 HIGH

An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

Mar 4, 2025
CVE-2025-27111
7.5 HIGH

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by …

Mar 4, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.