CVE Database

37767+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-0727
7.5 HIGH

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of …

Feb 21, 2025
CVE-2025-0726
7.5 HIGH

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. …

Feb 21, 2025
CVE-2024-11260
7.5 HIGH

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the active_status parameter in all versions …

Feb 21, 2025
CVE-2025-27088
8.2 HIGH

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, …

Feb 20, 2025
CVE-2025-25679
8.0 HIGH

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.

Feb 20, 2025
CVE-2025-22973
7.5 HIGH

An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. php' file that directly …

Feb 20, 2025
CVE-2025-27097
7.5 HIGH

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and …

Feb 20, 2025
CVE-2025-0352
7.5 HIGH

Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API …

Feb 20, 2025
CVE-2023-51336
8.8 HIGH

PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to …

Feb 20, 2025
CVE-2025-27091
7.5 HIGH

OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow …

Feb 20, 2025
CVE-2024-46933
7.7 HIGH

An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading …

Feb 20, 2025
CVE-2023-51333
8.8 HIGH

PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient …

Feb 20, 2025
CVE-2025-26305
8.2 HIGH

A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via …

Feb 20, 2025
CVE-2025-26304
8.2 HIGH

A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8.

Feb 20, 2025
CVE-2024-57716
7.5 HIGH

An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function.

Feb 20, 2025
CVE-2025-0161
7.8 HIGH

IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code …

Feb 20, 2025
CVE-2023-51319
8.8 HIGH

PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient …

Feb 20, 2025
CVE-2023-51316
7.5 HIGH

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email …

Feb 20, 2025
CVE-2023-51314
7.5 HIGH

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount …

Feb 20, 2025
CVE-2023-51313
8.8 HIGH

PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient …

Feb 20, 2025
CVE-2023-51311
8.8 HIGH

PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to …

Feb 20, 2025
CVE-2025-1039
7.2 HIGH

The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and …

Feb 20, 2025
CVE-2024-49781
7.1 HIGH

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote …

Feb 20, 2025
CVE-2024-13792
7.3 HIGH

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, …

Feb 20, 2025
CVE-2024-13753
8.1 HIGH

The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to …

Feb 20, 2025
CVE-2024-13476
7.5 HIGH

The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, …

Feb 20, 2025
CVE-2024-13888
7.2 HIGH

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on …

Feb 20, 2025
CVE-2025-26856
7.2 HIGH

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs …

Feb 20, 2025
CVE-2025-1492
7.8 HIGH

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture …

Feb 20, 2025
CVE-2025-1293
8.2 HIGH

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, …

Feb 20, 2025
CVE-2024-12284
8.8 HIGH

Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

Feb 20, 2025
CVE-2025-27092
7.5 HIGH

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 …

Feb 19, 2025
CVE-2025-25944
7.3 HIGH

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fragment …

Feb 19, 2025
CVE-2025-25943
7.8 HIGH

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp.

Feb 19, 2025
CVE-2025-24989
8.2 HIGH KEV

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This …

Feb 19, 2025
CVE-2025-21355
8.6 HIGH

Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network

Feb 19, 2025
CVE-2024-5706
8.8 HIGH

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier …

Feb 19, 2025
CVE-2024-5705
8.8 HIGH

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the …

Feb 19, 2025
CVE-2024-37359
8.6 HIGH

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently …

Feb 19, 2025
CVE-2023-51302
8.8 HIGH

PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient …

Feb 19, 2025
CVE-2023-51301
7.5 HIGH

A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount …

Feb 19, 2025
CVE-2025-0624
7.6 HIGH

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user …

Feb 19, 2025
CVE-2023-51293
7.5 HIGH

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount …

Feb 19, 2025
CVE-2023-46272
8.8 HIGH

Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation …

Feb 19, 2025
CVE-2025-0893
7.8 HIGH

Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability.

Feb 19, 2025
CVE-2020-10095
8.1 HIGH

Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device.

Feb 19, 2025
CVE-2025-1426
8.8 HIGH

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Feb 19, 2025
CVE-2025-1006
8.8 HIGH

Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. …

Feb 19, 2025
CVE-2025-0999
8.8 HIGH

Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Feb 19, 2025
CVE-2024-52541
8.2 HIGH

Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of …

Feb 19, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.