CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-21715
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: davicom: fix UAF in dm9000_drv_remove dm is netdev private data and it cannot be …

Feb 27, 2025
CVE-2025-21714
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free Prevent double queueing of implicit ODP mr destroy …

Feb 27, 2025
CVE-2024-57998
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq …

Feb 27, 2025
CVE-2024-57995
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is created …

Feb 27, 2025
CVE-2024-57990
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead …

Feb 27, 2025
CVE-2024-57984
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is …

Feb 27, 2025
CVE-2024-57983
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mailbox: th1520: Fix memory corruption due to incorrect array size The functions th1520_mbox_suspend_noirq and th1520_mbox_resume_noirq …

Feb 27, 2025
CVE-2024-57982
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: xfrm: state: fix out-of-bounds read during lookup lookup and resize can run in parallel. The …

Feb 27, 2025
CVE-2024-57980
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate …

Feb 27, 2025
CVE-2024-57979
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent …

Feb 27, 2025
CVE-2024-55581
7.4 HIGH

When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of …

Feb 26, 2025
CVE-2024-50696
7.5 HIGH

SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or …

Feb 26, 2025
CVE-2024-50691
7.4 HIGH

SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. …

Feb 26, 2025
CVE-2025-20111
7.4 HIGH

A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow …

Feb 26, 2025
CVE-2025-1634
7.5 HIGH

A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times …

Feb 26, 2025
CVE-2024-53427
8.1 HIGH

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and …

Feb 26, 2025
CVE-2025-25825
7.1 HIGH

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the …

Feb 26, 2025
CVE-2025-25823
7.3 HIGH

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the …

Feb 26, 2025
CVE-2024-47053
7.7 HIGH

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. * Improper Authorization: …

Feb 26, 2025
CVE-2024-39441
7.1 HIGH

In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

Feb 26, 2025
CVE-2024-13633
7.1 HIGH

The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected …

Feb 26, 2025
CVE-2024-13632
7.1 HIGH

The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

Feb 26, 2025
CVE-2024-13631
7.1 HIGH

The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected …

Feb 26, 2025
CVE-2024-13624
7.1 HIGH

The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site …

Feb 26, 2025
CVE-2024-13571
7.1 HIGH

The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected …

Feb 26, 2025
CVE-2024-12878
7.1 HIGH

The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

Feb 26, 2025
CVE-2024-10483
7.1 HIGH

The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected …

Feb 26, 2025
CVE-2024-10152
7.1 HIGH

The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, …

Feb 26, 2025
CVE-2025-22881
7.8 HIGH

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits …

Feb 26, 2025
CVE-2025-22869
7.5 HIGH

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not …

Feb 26, 2025
CVE-2025-22868
7.5 HIGH

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Feb 26, 2025
CVE-2025-0889
7.8 HIGH

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects …

Feb 26, 2025
CVE-2022-49724
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Fix free_irq() on remove Pass the correct dev_id to free_irq() to fix this …

Feb 26, 2025
CVE-2022-49722
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. VF …

Feb 26, 2025
CVE-2022-49720
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() This patch prevents that test nvme/004 triggers …

Feb 26, 2025
CVE-2022-49711
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io(). However, …

Feb 26, 2025
CVE-2022-49706
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefs_iomap_begin() for reads If a readahead is issued to a sequential zone file …

Feb 26, 2025
CVE-2022-49700
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab …

Feb 26, 2025
CVE-2022-49698
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user …

Feb 26, 2025
CVE-2022-49696
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tipc: fix use-after-free Read in tipc_named_reinit syzbot found the following issue on: ================================================================== BUG: KASAN: …

Feb 26, 2025
CVE-2022-49695
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: igb: fix a use-after-free issue in igb_clean_tx_ring Fix the following use-after-free bug in igb_clean_tx_ring routine …

Feb 26, 2025
CVE-2022-49694
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: block: disable the elevator int del_gendisk The elevator is only used for file system requests, …

Feb 26, 2025
CVE-2022-49687
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix xdp_rxq_info bug after suspend/resume The following sequence currently causes a driver bug warning …

Feb 26, 2025
CVE-2022-49686
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcg_video_pump A panic can occur if the …

Feb 26, 2025
CVE-2022-49685
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irq_work has completed before the …

Feb 26, 2025
CVE-2022-49674
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load (using …

Feb 26, 2025
CVE-2022-49669
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request …

Feb 26, 2025
CVE-2022-49667
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free after 802.3ad slave unbind commit 0622cab0341c ("bonding: fix 802.3ad aggregator reselection"), …

Feb 26, 2025
CVE-2022-49651
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanup_srcu_struct() GP checks Currently, cleanup_srcu_struct() checks for a grace period in progress, but …

Feb 26, 2025
CVE-2022-49647
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration Each cset (css_set) is pinned …

Feb 26, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.