CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-4001
3.3 LOW

A vulnerability has been found in scipopt scip up to 9.2.1 and classified as problematic. Affected by this vulnerability is the function main of the …

Apr 28, 2025
CVE-2025-4000
3.5 LOW

A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the …

Apr 28, 2025
CVE-2025-3999
3.5 LOW

A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing …

Apr 28, 2025
CVE-2025-3996
2.4 LOW

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file …

Apr 28, 2025
CVE-2025-3995
2.4 LOW

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file …

Apr 28, 2025
CVE-2025-3994
2.4 LOW

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the …

Apr 28, 2025
CVE-2025-3985
2.7 LOW

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The manipulation …

Apr 27, 2025
CVE-2025-3970
3.5 LOW

A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is an unknown function of the file /sys/office/save. The manipulation …

Apr 27, 2025
CVE-2025-3965
3.5 LOW

A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /article/app/post. …

Apr 27, 2025
CVE-2024-52887
3.5 LOW

Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.

Apr 27, 2025
CVE-2025-3962
3.5 LOW

A vulnerability classified as problematic was found in withstars Books-Management-System 1.0. This vulnerability affects unknown code of the file /api/comment/add of the component Comment Handler. …

Apr 27, 2025
CVE-2025-3961
3.5 LOW

A vulnerability classified as problematic has been found in withstars Books-Management-System 1.0. This affects an unknown part of the file /admin/article/add/do. The manipulation of the …

Apr 27, 2025
CVE-2025-3958
3.5 LOW

A vulnerability was found in withstars Books-Management-System 1.0. It has been classified as problematic. Affected is an unknown function of the file /book_edit_do.html of the …

Apr 27, 2025
CVE-2025-46675
3.5 LOW

In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.

Apr 27, 2025
CVE-2025-46674
3.5 LOW

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.

Apr 27, 2025
CVE-2025-46672
3.5 LOW

NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking.

Apr 27, 2025
CVE-2025-46656
2.9 LOW

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

Apr 26, 2025
CVE-2025-3954
3.7 LOW

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer …

Apr 26, 2025
CVE-2025-46653
3.1 LOW

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as …

Apr 26, 2025
CVE-2025-2850
3.5 LOW

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 …

Apr 26, 2025
CVE-2025-46618
3.5 LOW

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab

Apr 25, 2025
CVE-2025-3637
3.1 LOW

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This …

Apr 25, 2025
CVE-2025-3635
3.5 LOW

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection …

Apr 25, 2025
CVE-2024-57375
2.4 LOW

Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service (application crash) …

Apr 25, 2025
CVE-2025-46546
3.5 LOW

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, …

Apr 25, 2025
CVE-2024-30127
3.2 LOW

Missing "no cache" headers in HCL Leap permits sensitive data to be cached.

Apr 24, 2025
CVE-2023-37516
3.2 LOW

Missing "no cache" headers in HCL Leap permits user directory information to be cached.

Apr 24, 2025
CVE-2024-30114
3.7 LOW

Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.

Apr 24, 2025
CVE-2025-41423
3.1 LOW

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or …

Apr 24, 2025
CVE-2025-25046
3.7 LOW

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using …

Apr 23, 2025
CVE-2024-58251
2.5 LOW

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a …

Apr 23, 2025
CVE-2025-46394
3.2 LOW

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

Apr 23, 2025
CVE-2025-46393
2.9 LOW

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).

Apr 23, 2025
CVE-2025-43965
2.9 LOW

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.

Apr 23, 2025
CVE-2025-23253
2.5 LOW

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a …

Apr 22, 2025
CVE-2025-3850
3.7 LOW

A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The …

Apr 22, 2025
CVE-2025-2987
3.8 LOW

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, …

Apr 22, 2025
CVE-2025-3841
3.3 LOW

A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of …

Apr 21, 2025
CVE-2025-29446
3.3 LOW

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.

Apr 21, 2025
CVE-2025-43916
3.4 LOW

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC …

Apr 21, 2025
CVE-2025-32408
2.5 LOW

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled.

Apr 21, 2025
CVE-2025-25228
3.8 LOW

A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area …

Apr 21, 2025
CVE-2025-43967
2.9 LOW

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

Apr 21, 2025
CVE-2025-43966
2.9 LOW

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

Apr 21, 2025
CVE-2025-43964
2.9 LOW

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

Apr 21, 2025
CVE-2025-43963
2.9 LOW

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

Apr 21, 2025
CVE-2025-43962
2.9 LOW

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and …

Apr 21, 2025
CVE-2025-43961
2.9 LOW

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.

Apr 21, 2025
CVE-2025-43955
2.2 LOW

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.

Apr 20, 2025
CVE-2025-3826
2.4 LOW

A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file …

Apr 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.