CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-3825
2.4 LOW

A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown …

Apr 20, 2025
CVE-2025-3824
2.4 LOW

A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the …

Apr 20, 2025
CVE-2025-3823
2.4 LOW

A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file add-stock.php. …

Apr 20, 2025
CVE-2025-3822
2.4 LOW

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of …

Apr 20, 2025
CVE-2025-3821
2.4 LOW

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the …

Apr 20, 2025
CVE-2023-30421
2.9 LOW

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114.

Apr 19, 2025
CVE-2023-26819
2.9 LOW

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.

Apr 19, 2025
CVE-2022-47112
2.5 LOW

7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.

Apr 19, 2025
CVE-2022-47111
2.5 LOW

7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.

Apr 19, 2025
CVE-2025-3806
2.4 LOW

A vulnerability, which was classified as problematic, has been found in dazhouda lecms up to 3.0.3. Affected by this issue is some unknown functionality of …

Apr 19, 2025
CVE-2025-3801
2.4 LOW

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System …

Apr 19, 2025
CVE-2025-3795
2.4 LOW

A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO …

Apr 18, 2025
CVE-2025-25985
2.6 LOW

An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini …

Apr 18, 2025
CVE-2025-25983
3.4 LOW

An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via …

Apr 18, 2025
CVE-2025-3789
3.5 LOW

A vulnerability was found in baseweb JSite 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file …

Apr 18, 2025
CVE-2025-3788
3.5 LOW

A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file …

Apr 18, 2025
CVE-2025-3787
2.7 LOW

A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation …

Apr 18, 2025
CVE-2024-42178
2.5 LOW

HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk …

Apr 17, 2025
CVE-2024-42177
2.6 LOW

HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt …

Apr 17, 2025
CVE-2025-26269
3.3 LOW

DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references …

Apr 17, 2025
CVE-2025-26268
3.3 LOW

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan …

Apr 17, 2025
CVE-2021-47671
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path In es58x_rx_err_msg(), if can->do_set_mode() fails, the …

Apr 17, 2025
CVE-2025-32415
2.9 LOW

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be …

Apr 17, 2025
CVE-2025-26478
3.1 LOW

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading …

Apr 17, 2025
CVE-2025-29931
3.7 LOW

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a …

Apr 17, 2025
CVE-2025-1525
3.5 LOW

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin …

Apr 17, 2025
CVE-2025-1524
3.5 LOW

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin …

Apr 17, 2025
CVE-2025-1523
3.5 LOW

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin …

Apr 17, 2025
CVE-2024-11924
3.5 LOW

The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high …

Apr 17, 2025
CVE-2025-43708
3.3 LOW

VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an …

Apr 17, 2025
CVE-2025-32789
3.1 LOW

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an …

Apr 16, 2025
CVE-2025-32787
3.1 LOW

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, …

Apr 16, 2025
CVE-2025-3730
3.3 LOW

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to …

Apr 16, 2025
CVE-2024-58249
3.7 LOW

In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.

Apr 16, 2025
CVE-2025-3692
2.4 LOW

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …

Apr 16, 2025
CVE-2024-58248
3.5 LOW

nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.

Apr 16, 2025
CVE-2025-3691
2.7 LOW

A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component …

Apr 16, 2025
CVE-2025-3688
2.4 LOW

A vulnerability, which was classified as problematic, was found in mirweiye Seven Bears Library CMS 2023. This affects an unknown part of the component Background …

Apr 16, 2025
CVE-2025-31363
3.0 LOW

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an …

Apr 16, 2025
CVE-2025-27538
2.2 LOW

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user …

Apr 16, 2025
CVE-2025-24839
3.1 LOW

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without …

Apr 16, 2025
CVE-2025-32435
2.6 LOW

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the …

Apr 15, 2025
CVE-2025-32021
2.2 LOW

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code …

Apr 15, 2025
CVE-2025-30731
3.6 LOW

Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Configuration). Supported versions that are affected are 12.2.3-12.2.14. Difficult to exploit vulnerability …

Apr 15, 2025
CVE-2025-30703
2.7 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows …

Apr 15, 2025
CVE-2025-30700
3.5 LOW

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). The supported version that is affected is 11. Easily exploitable vulnerability allows …

Apr 15, 2025
CVE-2025-30681
2.7 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability …

Apr 15, 2025
CVE-2025-32943
3.7 LOW

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the …

Apr 15, 2025
CVE-2024-45712
2.6 LOW

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, …

Apr 15, 2025
CVE-2025-3613
3.5 LOW

A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. This vulnerability affects unknown code of the file /visualization. The manipulation of …

Apr 15, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.