CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-13703
7.8 HIGH

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security …

Dec 23, 2025
CVE-2025-13700
7.2 HIGH

DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required …

Dec 23, 2025
CVE-2025-13699
7.0 HIGH

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with …

Dec 23, 2025
CVE-2025-13698
4.5 MEDIUM

Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. …

Dec 23, 2025
CVE-2025-12840
7.8 HIGH

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected …

Dec 23, 2025
CVE-2025-12839
7.8 HIGH

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected …

Dec 23, 2025
CVE-2025-12838
7.3 HIGH

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An …

Dec 23, 2025
CVE-2025-12495
7.8 HIGH

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected …

Dec 23, 2025
CVE-2025-12491
7.5 HIGH

Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required …

Dec 23, 2025
CVE-2025-15045
9.8 CRITICAL

A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request …

Dec 23, 2025
CVE-2025-15044
9.8 CRITICAL

A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in …

Dec 23, 2025
CVE-2025-14936
7.8 HIGH

NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Dec 23, 2025
CVE-2025-14935
7.8 HIGH

NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Dec 23, 2025
CVE-2025-14934
7.8 HIGH

NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Dec 23, 2025
CVE-2025-14933
7.8 HIGH

NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF …

Dec 23, 2025
CVE-2025-14932
7.8 HIGH

NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Dec 23, 2025
CVE-2025-14931
10.0 CRITICAL

Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected …

Dec 23, 2025
CVE-2025-14930
7.8 HIGH

Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Dec 23, 2025
CVE-2025-14929
7.8 HIGH

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected …

Dec 23, 2025
CVE-2025-14928
7.8 HIGH

Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging …

Dec 23, 2025
CVE-2025-14927
7.8 HIGH

Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging …

Dec 23, 2025
CVE-2025-14926
7.8 HIGH

Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging …

Dec 23, 2025
CVE-2025-14925
7.8 HIGH

Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging …

Dec 23, 2025
CVE-2025-14924
7.8 HIGH

Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Dec 23, 2025
CVE-2025-14922
7.8 HIGH

Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Dec 23, 2025
CVE-2025-14921
7.8 HIGH

Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Dec 23, 2025
CVE-2025-14920
7.8 HIGH

Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Dec 23, 2025
CVE-2025-11419
7.5 HIGH

A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 …

Dec 23, 2025
CVE-2025-65354
9.8 CRITICAL

Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database …

Dec 23, 2025
CVE-2023-53982
7.5 HIGH

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can …

Dec 23, 2025
CVE-2021-47739
8.4 HIGH

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers …

Dec 23, 2025
CVE-2021-47738
5.4 MEDIUM

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with …

Dec 23, 2025
CVE-2021-47737
5.4 MEDIUM

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to …

Dec 23, 2025
CVE-2021-47736
7.2 HIGH

CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with …

Dec 23, 2025
CVE-2021-47735
8.8 HIGH

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the …

Dec 23, 2025
CVE-2021-47734
7.8 HIGH

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage …

Dec 23, 2025
CVE-2021-47733
6.1 MEDIUM

CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts …

Dec 23, 2025
CVE-2021-47732
6.1 MEDIUM

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered …

Dec 23, 2025
CVE-2021-47722
3.5 LOW

Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can …

Dec 23, 2025
CVE-2021-47721
8.8 HIGH

Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the …

Dec 23, 2025
CVE-2021-47720
7.1 HIGH

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL …

Dec 23, 2025
CVE-2021-47716
5.4 MEDIUM

Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', …

Dec 23, 2025
CVE-2025-25364
8.4 HIGH

A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges.

Dec 23, 2025
CVE-2025-10863

Rejected reason: This CVE id was assigned but later discarded.

Dec 23, 2025
CVE-2025-51511
9.8 CRITICAL

Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.

Dec 23, 2025
CVE-2025-65713
4.0 MEDIUM

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal …

Dec 23, 2025
CVE-2025-65410
6.2 MEDIUM

A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input …

Dec 23, 2025
CVE-2025-33224
9.8 CRITICAL

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to …

Dec 23, 2025
CVE-2025-33223
9.8 CRITICAL

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to …

Dec 23, 2025
CVE-2025-33222
9.8 CRITICAL

NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code …

Dec 23, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.