CVE Database

37767+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-26570
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That glance-that allows Cross Site Request Forgery.This issue affects Glance That: from n/a through <= 4.9.

Feb 13, 2025
CVE-2025-26569
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in callmeforsox Post Thumbs post-thumbs allows Stored XSS.This issue affects Post Thumbs: from n/a through <= 1.5.

Feb 13, 2025
CVE-2025-26568
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information easy-amazon-product-information allows Stored XSS.This issue affects Easy Amazon Product Information: from n/a through <= …

Feb 13, 2025
CVE-2025-26562
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik RSS Filter rss-filter allows Stored XSS.This issue affects RSS Filter: from n/a through <= 1.2.

Feb 13, 2025
CVE-2025-26552
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in badrHan Naver Syndication V2 badr-naver-syndication allows Stored XSS.This issue affects Naver Syndication V2: …

Feb 13, 2025
CVE-2025-26551
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Bootstrap collapse bootstrap-collapse allows Stored XSS.This issue affects Bootstrap collapse: from n/a …

Feb 13, 2025
CVE-2025-26550
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description global-meta-keyword-and-description allows Stored XSS.This issue affects Global Meta Keyword & Description: from …

Feb 13, 2025
CVE-2025-26549
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Sitemap wp-html-page-sitemap allows Stored XSS.This issue affects WP Html Page Sitemap: from n/a through <= …

Feb 13, 2025
CVE-2025-26547
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin my-loginlogout allows Stored XSS.This issue affects My Login Logout Plugin: from n/a through <= …

Feb 13, 2025
CVE-2025-26545
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard related-posts-line-up-exactry-by-milliard allows Stored XSS.This issue affects Related Posts Line-up-Exactly by Milliard: from n/a …

Feb 13, 2025
CVE-2025-26543
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS.This issue affects Simple Responsive Menu: from n/a through <= 2.1.

Feb 13, 2025
CVE-2025-1247
8.3 HIGH

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. …

Feb 13, 2025
CVE-2025-1094
8.1 HIGH

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain …

Feb 13, 2025
CVE-2025-21700
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was …

Feb 13, 2025
CVE-2024-13606
7.5 HIGH

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up …

Feb 13, 2025
CVE-2024-46910
7.1 HIGH

An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade …

Feb 13, 2025
CVE-2025-0327
7.8 HIGH

CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) …

Feb 13, 2025
CVE-2024-13346
7.3 HIGH

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, …

Feb 13, 2025
CVE-2024-13345
7.3 HIGH

The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the …

Feb 13, 2025
CVE-2025-1070
8.1 HIGH

CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded.

Feb 13, 2025
CVE-2025-1060
7.5 HIGH

CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker.

Feb 13, 2025
CVE-2025-1059
7.5 HIGH

CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of …

Feb 13, 2025
CVE-2025-1058
8.1 HIGH

CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device inoperable when malicious firmware is downloaded.

Feb 13, 2025
CVE-2024-13770
8.1 HIGH

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions …

Feb 13, 2025
CVE-2024-51376
7.5 HIGH

Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component.

Feb 12, 2025
CVE-2024-34520
8.8 HIGH

An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized administrative actions, …

Feb 12, 2025
CVE-2024-56940
7.5 HIGH

An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads.

Feb 12, 2025
CVE-2024-51440
7.8 HIGH

An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component.

Feb 12, 2025
CVE-2024-51123
7.5 HIGH

An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote attacker to obtain sensitive information via the /compose-pdf.xhtml?convid=[id] component.

Feb 12, 2025
CVE-2024-46923
7.5 HIGH

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service …

Feb 12, 2025
CVE-2024-46922
7.5 HIGH

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at …

Feb 12, 2025
CVE-2024-41917
7.5 HIGH

Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of …

Feb 12, 2025
CVE-2024-41168
7.4 HIGH

Use after free in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable …

Feb 12, 2025
CVE-2024-39805
7.8 HIGH

Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4.39 may allow an authenticated user to potentially enable escalation of privilege via …

Feb 12, 2025
CVE-2024-39356
7.4 HIGH

NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable …

Feb 12, 2025
CVE-2024-38310
8.2 HIGH

Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

Feb 12, 2025
CVE-2024-38307
7.7 HIGH

Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service …

Feb 12, 2025
CVE-2024-37355
8.8 HIGH

Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.

Feb 12, 2025
CVE-2024-36262
7.2 HIGH

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via …

Feb 12, 2025
CVE-2024-32941
7.9 HIGH

NULL pointer dereference for some Intel(R) MLC software before version v3.11b may allow an authenticated user to potentially enable denial of service via local access.

Feb 12, 2025
CVE-2024-31858
7.8 HIGH

Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Feb 12, 2025
CVE-2024-31155
7.5 HIGH

Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Feb 12, 2025
CVE-2024-29214
7.5 HIGH

Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Feb 12, 2025
CVE-2024-28127
7.5 HIGH

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Feb 12, 2025
CVE-2024-24582
7.5 HIGH

Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local …

Feb 12, 2025
CVE-2023-49618
7.5 HIGH

Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege …

Feb 12, 2025
CVE-2023-49615
7.5 HIGH

Improper input validation in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege …

Feb 12, 2025
CVE-2023-49603
7.5 HIGH

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via …

Feb 12, 2025
CVE-2023-48267
7.9 HIGH

Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege …

Feb 12, 2025
CVE-2023-43758
8.2 HIGH

Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

Feb 12, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.