CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-13158

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the …

Dec 26, 2025
CVE-2024-29720
5.5 MEDIUM

An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video …

Dec 26, 2025
CVE-2025-67349
6.1 MEDIUM

A cross-site scripting (XSS) vulnerability was identified in FluentCMS 1.2.3. After logging in as an admin and navigating to the "Add Page" function, the application …

Dec 26, 2025
CVE-2025-66947
6.5 MEDIUM

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to …

Dec 26, 2025
CVE-2025-65885
5.1 MEDIUM

An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia …

Dec 26, 2025
CVE-2025-64645
7.7 HIGH

IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.

Dec 26, 2025
CVE-2025-36230
5.4 MEDIUM

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be …

Dec 26, 2025
CVE-2025-36229
3.1 LOW

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.

Dec 26, 2025
CVE-2025-36228
3.8 LOW

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared …

Dec 26, 2025
CVE-2025-25341
7.5 HIGH

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes …

Dec 26, 2025
CVE-2025-36192
6.7 MEDIUM

IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user …

Dec 26, 2025
CVE-2025-14687
4.3 MEDIUM

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.

Dec 26, 2025
CVE-2025-13915
9.8 CRITICAL

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

Dec 26, 2025
CVE-2025-1721
5.9 MEDIUM

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Dec 26, 2025
CVE-2025-12771
7.8 HIGH

IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and …

Dec 26, 2025
CVE-2025-67450
7.8 HIGH

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution …

Dec 26, 2025
CVE-2025-59888
6.7 MEDIUM

Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to …

Dec 26, 2025
CVE-2025-59887
8.6 HIGH

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to …

Dec 26, 2025
CVE-2025-62578
7.5 HIGH

DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information

Dec 26, 2025
CVE-2025-8075
5.4 MEDIUM

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format …

Dec 26, 2025
CVE-2025-68946
5.4 MEDIUM

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.

Dec 26, 2025
CVE-2025-52601
7.8 HIGH

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that …

Dec 26, 2025
CVE-2025-52600
7.2 HIGH

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics …

Dec 26, 2025
CVE-2025-52599
6.5 MEDIUM

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera …

Dec 26, 2025
CVE-2025-52598
3.7 LOW

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service …

Dec 26, 2025
CVE-2025-68945
5.8 MEDIUM

In Gitea before 1.21.2, an anonymous user can visit a private user's project.

Dec 26, 2025
CVE-2025-68944
5.0 MEDIUM

Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

Dec 26, 2025
CVE-2025-68943
5.3 MEDIUM

Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

Dec 26, 2025
CVE-2025-15099
7.3 HIGH

A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. …

Dec 26, 2025
CVE-2025-68942
5.4 MEDIUM

Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.

Dec 26, 2025
CVE-2025-68941
4.9 MEDIUM

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.

Dec 26, 2025
CVE-2025-68940
3.1 LOW

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

Dec 26, 2025
CVE-2025-68939
8.2 HIGH

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

Dec 26, 2025
CVE-2025-15098
6.3 MEDIUM

A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the …

Dec 26, 2025
CVE-2025-15097
7.3 HIGH

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. …

Dec 26, 2025
CVE-2025-15095
3.5 LOW

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to …

Dec 26, 2025
CVE-2025-68938
4.3 MEDIUM

Gitea before 1.25.2 mishandles authorization for deletion of releases.

Dec 26, 2025
CVE-2025-15094
4.3 MEDIUM

A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component …

Dec 26, 2025
CVE-2025-15093
4.3 MEDIUM

A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the …

Dec 26, 2025
CVE-2025-15092
8.8 HIGH

A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument …

Dec 26, 2025
CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template …

Dec 26, 2025
CVE-2025-15091
8.8 HIGH

A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the …

Dec 26, 2025
CVE-2025-14913
5.3 MEDIUM

The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect …

Dec 26, 2025
CVE-2025-15090
8.8 HIGH

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the …

Dec 25, 2025
CVE-2025-15089
8.8 HIGH

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the …

Dec 25, 2025
CVE-2025-14820

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Dec 25, 2025
CVE-2025-14715

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Dec 25, 2025
CVE-2025-15088
6.3 MEDIUM

A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation …

Dec 25, 2025
CVE-2025-15087
4.3 MEDIUM

A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn …

Dec 25, 2025
CVE-2025-15086
4.3 MEDIUM

A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The …

Dec 25, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.