CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2022-50711

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix possible memory leak in mtk_probe() If mtk_wed_add_hw() has been called, mtk_wed_exit() …

Dec 24, 2025
CVE-2022-50710

In the Linux kernel, the following vulnerability has been resolved: ice: set tx_tstamps when creating new Tx rings via ethtool When the user changes the …

Dec 24, 2025
CVE-2022-50709

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() syzbot is reporting uninit value at ath9k_htc_rx_msg() …

Dec 24, 2025
CVE-2022-50708

In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: fix potential resource leak in ssip_pn_open() ssip_pn_open() claims the HSI client's port with …

Dec 24, 2025
CVE-2022-50707

In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() 'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(), and should be freed …

Dec 24, 2025
CVE-2022-50706

In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: don't warn zero-sized raw_sendmsg() syzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1], for PF_IEEE802154 …

Dec 24, 2025
CVE-2022-50705

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion …

Dec 24, 2025
CVE-2022-50704

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch In the process of switching USB config …

Dec 24, 2025
CVE-2022-50703

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() There are two refcount leak bugs …

Dec 24, 2025
CVE-2022-50702

In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() Inject fault while probing module, if …

Dec 24, 2025
CVE-2022-50701

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host SDIO may need addtional 511 bytes …

Dec 24, 2025
CVE-2022-50700

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Delay the unmapping of the buffer On WCN3990, we are seeing a rare …

Dec 24, 2025
CVE-2022-50699

In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() The following warning was triggered …

Dec 24, 2025
CVE-2022-50698

In the Linux kernel, the following vulnerability has been resolved: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() If clk_hw_register() fails, the corresponding clk …

Dec 24, 2025
CVE-2022-50697

In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of del_timer_sync must …

Dec 24, 2025
CVE-2025-64641
4.1 MEDIUM

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by …

Dec 24, 2025
CVE-2025-13767
4.3 MEDIUM

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as …

Dec 24, 2025
CVE-2025-57840
2.2 LOW

ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.

Dec 24, 2025
CVE-2025-13407
6.8 MEDIUM

The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload …

Dec 24, 2025
CVE-2024-58335
5.0 MEDIUM

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java.

Dec 24, 2025
CVE-2025-66445
7.1 HIGH

Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue …

Dec 24, 2025
CVE-2025-66444
8.2 HIGH

Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue …

Dec 24, 2025
CVE-2025-13773
9.8 CRITICAL

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 …

Dec 24, 2025
CVE-2025-68695

Rejected reason: Not used

Dec 24, 2025
CVE-2025-68694

Rejected reason: Not used

Dec 24, 2025
CVE-2025-68693

Rejected reason: Not used

Dec 24, 2025
CVE-2025-68692

Rejected reason: Not used

Dec 24, 2025
CVE-2025-68691

Rejected reason: Not used

Dec 24, 2025
CVE-2025-68690

Rejected reason: Not used

Dec 24, 2025
CVE-2025-68689

Rejected reason: Not used

Dec 24, 2025
CVE-2025-68688

Rejected reason: Not used

Dec 24, 2025
CVE-2025-68687

Rejected reason: Not used

Dec 24, 2025
CVE-2025-15053
7.3 HIGH

A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the …

Dec 24, 2025
CVE-2025-15052
3.5 LOW

A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Performing manipulation of the argument firstname/lastname …

Dec 24, 2025
CVE-2025-15050
6.3 MEDIUM

A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of …

Dec 24, 2025
CVE-2025-68696
8.2 HIGH

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, …

Dec 23, 2025
CVE-2025-68669
9.6 CRITICAL

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where …

Dec 23, 2025
CVE-2025-68667

Conduit is a chat server powered by Matrix. A vulnerability that affects a number of Conduit-derived homeservers allows a remote, unauthenticated attacker to force the …

Dec 23, 2025
CVE-2025-68665
8.6 HIGH

LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization …

Dec 23, 2025
CVE-2025-68664
9.3 CRITICAL

LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and …

Dec 23, 2025
CVE-2025-68617
7.0 HIGH

FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS …

Dec 23, 2025
CVE-2025-15049
7.3 HIGH

A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username …

Dec 23, 2025
CVE-2025-15048
7.3 HIGH

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a …

Dec 23, 2025
CVE-2025-66213
8.8 HIGH

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File …

Dec 23, 2025
CVE-2025-66212
8.8 HIGH

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic …

Dec 23, 2025
CVE-2025-66211
8.8 HIGH

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init …

Dec 23, 2025
CVE-2025-66210
8.8 HIGH

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database …

Dec 23, 2025
CVE-2025-66209
9.9 CRITICAL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database …

Dec 23, 2025
CVE-2025-15047
9.8 CRITICAL

A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a …

Dec 23, 2025
CVE-2025-15046
9.8 CRITICAL

A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request …

Dec 23, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.