CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-23368
8.1 HIGH

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time …

Mar 4, 2025
CVE-2024-9149
8.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection.This issue affects E-Commerce …

Mar 4, 2025
CVE-2024-50705
7.1 HIGH

Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.

Mar 4, 2025
CVE-2025-1943
8.2 HIGH

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough …

Mar 4, 2025
CVE-2025-1940
7.1 HIGH

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching …

Mar 4, 2025
CVE-2025-1937
7.5 HIGH

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of …

Mar 4, 2025
CVE-2025-1936
7.3 HIGH

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the …

Mar 4, 2025
CVE-2025-1933
7.6 HIGH

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them …

Mar 4, 2025
CVE-2025-1932
8.1 HIGH

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox …

Mar 4, 2025
CVE-2025-1931
7.5 HIGH

It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was …

Mar 4, 2025
CVE-2025-1930
8.8 HIGH

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led …

Mar 4, 2025
CVE-2025-22226
7.1 HIGH KEV

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a …

Mar 4, 2025
CVE-2025-22225
8.2 HIGH KEV

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an …

Mar 4, 2025
CVE-2024-58045
8.6 HIGH

Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability.

Mar 4, 2025
CVE-2024-58044
8.4 HIGH

Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability.

Mar 4, 2025
CVE-2024-58043
7.3 HIGH

Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Mar 4, 2025
CVE-2024-48248
8.6 HIGH KEV

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across …

Mar 4, 2025
CVE-2025-0360
7.8 HIGH

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to …

Mar 4, 2025
CVE-2025-0359
8.5 HIGH

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access …

Mar 4, 2025
CVE-2025-1306
8.8 HIGH

The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or …

Mar 4, 2025
CVE-2025-1903
7.3 HIGH

A vulnerability was found in Codezips Online Shopping Website 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

Mar 4, 2025
CVE-2025-1902
7.3 HIGH

A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /password-recovery.php. …

Mar 4, 2025
CVE-2025-1901
7.3 HIGH

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been classified as critical. This affects an unknown part of the file …

Mar 4, 2025
CVE-2025-1900
7.3 HIGH

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …

Mar 4, 2025
CVE-2025-1639
8.8 HIGH

The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler() …

Mar 4, 2025
CVE-2025-1894
7.3 HIGH

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality …

Mar 4, 2025
CVE-2024-51962
8.7 HIGH

A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when …

Mar 3, 2025
CVE-2024-51961
7.5 HIGH

There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that …

Mar 3, 2025
CVE-2024-51954
8.5 HIGH

There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a …

Mar 3, 2025
CVE-2025-27501
8.6 HIGH

OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed …

Mar 3, 2025
CVE-2025-27500
8.2 HIGH

OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint(/api/upload) on the admin panel can be accessed …

Mar 3, 2025
CVE-2025-25967
8.8 HIGH

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as …

Mar 3, 2025
CVE-2025-27423
7.1 HIGH

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or …

Mar 3, 2025
CVE-2025-27422
7.5 HIGH

FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible …

Mar 3, 2025
CVE-2025-27421
7.5 HIGH

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. …

Mar 3, 2025
CVE-2025-25301
7.5 HIGH

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image …

Mar 3, 2025
CVE-2025-1876
7.3 HIGH

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component …

Mar 3, 2025
CVE-2025-0678
7.8 HIGH

A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to …

Mar 3, 2025
CVE-2025-0289
7.8 HIGH

Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, …

Mar 3, 2025
CVE-2025-0288
7.8 HIGH

Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled …

Mar 3, 2025
CVE-2025-0286
8.4 HIGH

Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of …

Mar 3, 2025
CVE-2025-0285
7.8 HIGH

Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of …

Mar 3, 2025
CVE-2024-53388
8.8 HIGH

A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element.

Mar 3, 2025
CVE-2024-53387
8.8 HIGH

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element.

Mar 3, 2025
CVE-2024-45782
7.8 HIGH

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the …

Mar 3, 2025
CVE-2025-27419
7.5 HIGH

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Denial of Service (DoS) vulnerability exists in WeGIA. …

Mar 3, 2025
CVE-2025-25185
7.5 HIGH

GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can …

Mar 3, 2025
CVE-2025-0555
7.7 HIGH

A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 …

Mar 3, 2025
CVE-2024-43169
8.8 HIGH

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the …

Mar 3, 2025
CVE-2024-41771
7.5 HIGH

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or …

Mar 3, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.