CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2019-25242
4.3 MEDIUM

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious …

Dec 24, 2025
CVE-2019-25241
9.8 CRITICAL

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration …

Dec 24, 2025
CVE-2019-25240
9.8 CRITICAL

Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web …

Dec 24, 2025
CVE-2019-25239
7.5 HIGH

V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve …

Dec 24, 2025
CVE-2019-25238
4.3 MEDIUM

V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious …

Dec 24, 2025
CVE-2019-25237
9.8 CRITICAL

V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulating the user role parameter. Attackers …

Dec 24, 2025
CVE-2019-25236
9.8 CRITICAL

iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the get_jpeg script that allows unauthorized access to live video streams. Attackers can retrieve video …

Dec 24, 2025
CVE-2019-25235
9.8 CRITICAL

Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to …

Dec 24, 2025
CVE-2019-25234
5.3 MEDIUM

SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by …

Dec 24, 2025
CVE-2019-25233
5.3 MEDIUM

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious …

Dec 24, 2025
CVE-2018-25156
4.3 MEDIUM

Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious …

Dec 24, 2025
CVE-2018-25155
4.3 MEDIUM

Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious …

Dec 24, 2025
CVE-2018-25154
9.8 CRITICAL

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary …

Dec 24, 2025
CVE-2018-25153

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the reported issue does not constitute a security vulnerability …

Dec 24, 2025
CVE-2018-25152
5.3 MEDIUM

Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious …

Dec 24, 2025
CVE-2018-25151
4.3 MEDIUM

Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft …

Dec 24, 2025
CVE-2018-25150
5.3 MEDIUM

Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious …

Dec 24, 2025
CVE-2018-25149
6.5 MEDIUM

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web …

Dec 24, 2025
CVE-2018-25148
8.8 HIGH

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system …

Dec 24, 2025
CVE-2018-25147
7.5 HIGH

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized …

Dec 24, 2025
CVE-2018-25146
8.1 HIGH

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to …

Dec 24, 2025
CVE-2018-25145
6.5 MEDIUM

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files …

Dec 24, 2025
CVE-2018-25144
8.4 HIGH

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. …

Dec 24, 2025
CVE-2018-25143
8.8 HIGH

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can …

Dec 24, 2025
CVE-2018-25142
9.8 CRITICAL

NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files …

Dec 24, 2025
CVE-2018-25141
7.5 HIGH

FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams …

Dec 24, 2025
CVE-2018-25140
7.5 HIGH

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can …

Dec 24, 2025
CVE-2018-25139
7.5 HIGH

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to …

Dec 24, 2025
CVE-2018-25138
9.8 CRITICAL

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent …

Dec 24, 2025
CVE-2018-25137
7.5 HIGH

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the …

Dec 24, 2025
CVE-2018-25136
7.5 HIGH

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images …

Dec 24, 2025
CVE-2018-25135
9.8 CRITICAL

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers …

Dec 24, 2025
CVE-2018-25134
9.8 CRITICAL

Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit …

Dec 24, 2025
CVE-2018-25133
4.3 MEDIUM

Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious …

Dec 24, 2025
CVE-2018-25131
7.2 HIGH

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to …

Dec 24, 2025
CVE-2018-25130
6.2 MEDIUM

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can …

Dec 24, 2025
CVE-2018-25129
7.5 HIGH

SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and …

Dec 24, 2025
CVE-2018-25128
8.2 HIGH

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, …

Dec 24, 2025
CVE-2018-25127
5.3 MEDIUM

SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft …

Dec 24, 2025
CVE-2025-36154
6.2 MEDIUM

IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user.

Dec 24, 2025
CVE-2025-2515
7.2 HIGH

A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed …

Dec 24, 2025
CVE-2025-68750

In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbg_make_tpg() The variable tpgt in usbg_make_tpg() is defined as unsigned …

Dec 24, 2025
CVE-2025-43876

Under certain circumstances a successful exploitation could result in access to the device.

Dec 24, 2025
CVE-2025-43875

Under certain circumstances a successful exploitation could result in access to the device.

Dec 24, 2025
CVE-2024-40317
6.1 MEDIUM

A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via …

Dec 24, 2025
CVE-2024-39037
6.5 MEDIUM

MyNET up to v26.08.316 was discovered to contain an Unauthenticated SQL Injection vulnerability via the intmenu parameter.

Dec 24, 2025
CVE-2024-35322
6.1 MEDIUM

MyNET up to v26.08 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ficheiro parameter.

Dec 24, 2025
CVE-2025-60935
6.1 MEDIUM

An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This …

Dec 24, 2025
CVE-2025-2155
8.8 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion.This issue affects …

Dec 24, 2025
CVE-2025-2154
5.4 MEDIUM

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows …

Dec 24, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.