CVE Database

37767+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-23523
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoststreamsell HSS Embed Streaming Video hss-embed-streaming-video allows Reflected XSS.This issue affects HSS Embed …

Feb 14, 2025
CVE-2025-23492
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress 淘宝客插件 taobaoke allows Reflected XSS.This issue affects WordPress 淘宝客插件: from n/a …

Feb 14, 2025
CVE-2025-23474
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard live-dashboard allows Reflected XSS.This issue affects Live Dashboard: from …

Feb 14, 2025
CVE-2025-23431
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khaninejad Envato Affiliater envato-affiliater allows Reflected XSS.This issue affects Envato Affiliater: from n/a …

Feb 14, 2025
CVE-2025-23428
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arash Safari QMean – WordPress Did You Mean qmean allows Reflected XSS.This issue …

Feb 14, 2025
CVE-2025-22705
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts disqus-popular-posts allows Reflected XSS.This issue affects Disqus Popular Posts: from n/a through <= 2.1.1.

Feb 14, 2025
CVE-2024-52500
7.2 HIGH

Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through …

Feb 14, 2025
CVE-2025-26788
8.4 HIGH

StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.

Feb 14, 2025
CVE-2024-2240
7.2 HIGH

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

Feb 14, 2025
CVE-2025-26519
8.1 HIGH

musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.

Feb 14, 2025
CVE-2024-55904
7.2 HIGH

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through …

Feb 14, 2025
CVE-2025-22962
7.2 HIGH

A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An …

Feb 13, 2025
CVE-2025-22961
8.0 HIGH

A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers …

Feb 13, 2025
CVE-2025-22960
8.0 HIGH

A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially …

Feb 13, 2025
CVE-2023-34402
7.7 HIGH

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. …

Feb 13, 2025
CVE-2025-26473
7.5 HIGH

The Mojave Inverter uses the GET method for sensitive information.

Feb 13, 2025
CVE-2025-25281
7.5 HIGH

An attacker may modify the URL to discover sensitive information about the target network.

Feb 13, 2025
CVE-2025-24861
7.5 HIGH

An attacker may inject commands via specially-crafted post requests.

Feb 13, 2025
CVE-2025-24836
7.1 HIGH

With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent …

Feb 13, 2025
CVE-2025-22896
8.6 HIGH

mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.

Feb 13, 2025
CVE-2024-57378
7.3 HIGH

Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing …

Feb 13, 2025
CVE-2023-34400
7.5 HIGH

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the …

Feb 13, 2025
CVE-2023-34398
7.5 HIGH

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The …

Feb 13, 2025
CVE-2023-34397
7.5 HIGH

Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be …

Feb 13, 2025
CVE-2024-11347
7.3 HIGH

Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by …

Feb 13, 2025
CVE-2024-11346
7.3 HIGH

: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue …

Feb 13, 2025
CVE-2024-11345
7.3 HIGH

A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute …

Feb 13, 2025
CVE-2024-11344
7.3 HIGH

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute …

Feb 13, 2025
CVE-2025-24888
8.1 HIGH

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to version 0.14.1, …

Feb 13, 2025
CVE-2025-25387
7.2 HIGH

A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype …

Feb 13, 2025
CVE-2025-26511
8.8 HIGH

Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible …

Feb 13, 2025
CVE-2025-25901
7.5 HIGH

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause …

Feb 13, 2025
CVE-2025-25898
7.5 HIGH

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of …

Feb 13, 2025
CVE-2025-25897
7.5 HIGH

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of …

Feb 13, 2025
CVE-2025-25357
7.2 HIGH

A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email …

Feb 13, 2025
CVE-2025-25356
7.2 HIGH

A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " …

Feb 13, 2025
CVE-2025-25355
7.2 HIGH

A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate …

Feb 13, 2025
CVE-2025-25354
7.2 HIGH

A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST …

Feb 13, 2025
CVE-2025-25352
7.2 HIGH

A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle …

Feb 13, 2025
CVE-2025-24904
8.5 HIGH

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content …

Feb 13, 2025
CVE-2025-24903
8.5 HIGH

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact …

Feb 13, 2025
CVE-2025-22480
7.0 HIGH

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, …

Feb 13, 2025
CVE-2024-12013
7.6 HIGH

A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default …

Feb 13, 2025
CVE-2024-12011
7.6 HIGH

A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory …

Feb 13, 2025
CVE-2025-26582
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems tinymce-advanced-qtranslate-fix-editor-problems allows Stored XSS.This issue affects TinyMCE Advanced qTranslate fix editor problems: …

Feb 13, 2025
CVE-2025-26580
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Complete SEO Page/Post Specific Social Share Buttons pagepost-specific-social-share-buttons allows Stored XSS.This issue affects Page/Post Specific Social Share Buttons: from …

Feb 13, 2025
CVE-2025-26578
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation client-documentation allows Stored XSS.This issue affects Simple Documentation: from n/a through <= 1.2.8.

Feb 13, 2025
CVE-2025-26577
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish dx-auto-publish allows Stored XSS.This issue affects DX-auto-publish: from n/a through <= 1.2.

Feb 13, 2025
CVE-2025-26572
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPList phplist-form-integration allows Cross Site Request Forgery.This issue affects WP PHPList: from n/a through <= 1.7.

Feb 13, 2025
CVE-2025-26571
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolbar wibiya allows Cross Site Request Forgery.This issue affects Wibiya Toolbar: from n/a through <= 2.0.

Feb 13, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.