CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-67743
6.3 MEDIUM

Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP …

Dec 23, 2025
CVE-2025-15034
7.3 HIGH

A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the …

Dec 23, 2025
CVE-2025-68615
9.8 CRITICAL

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can …

Dec 23, 2025
CVE-2025-68614
4.3 MEDIUM

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules …

Dec 23, 2025
CVE-2025-68480
5.3 MEDIUM

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 …

Dec 22, 2025
CVE-2025-68476

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially …

Dec 22, 2025
CVE-2025-68475
7.5 HIGH

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial …

Dec 22, 2025
CVE-2025-67436
6.5 MEDIUM

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme …

Dec 22, 2025
CVE-2025-65857
7.5 HIGH

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video …

Dec 22, 2025
CVE-2025-65856
9.8 CRITICAL

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. …

Dec 22, 2025
CVE-2025-34458

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() …

Dec 22, 2025
CVE-2025-34457

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in …

Dec 22, 2025
CVE-2023-53981
7.2 HIGH

PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the …

Dec 22, 2025
CVE-2023-53980
9.8 CRITICAL

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with …

Dec 22, 2025
CVE-2023-53979
8.8 HIGH

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, …

Dec 22, 2025
CVE-2023-53978
5.4 MEDIUM

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. …

Dec 22, 2025
CVE-2023-53977
5.4 MEDIUM

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new …

Dec 22, 2025
CVE-2023-53976
5.4 MEDIUM

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new …

Dec 22, 2025
CVE-2023-53975
7.5 HIGH

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL …

Dec 22, 2025
CVE-2023-53974
7.5 HIGH

D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a …

Dec 22, 2025
CVE-2023-53973
8.4 HIGH

Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers …

Dec 22, 2025
CVE-2023-53972
7.5 HIGH

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and …

Dec 22, 2025
CVE-2023-53971
8.8 HIGH

WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload …

Dec 22, 2025
CVE-2023-53970
7.5 HIGH

Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers …

Dec 22, 2025
CVE-2023-53969
7.5 HIGH

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers …

Dec 22, 2025
CVE-2023-53968
9.8 CRITICAL

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers …

Dec 22, 2025
CVE-2023-53967
7.5 HIGH

Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers …

Dec 22, 2025
CVE-2023-53966
9.8 CRITICAL

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate …

Dec 22, 2025
CVE-2023-53965
8.4 HIGH

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can …

Dec 22, 2025
CVE-2023-53964
9.8 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request …

Dec 22, 2025
CVE-2023-53963
9.8 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can …

Dec 22, 2025
CVE-2023-53962
7.5 HIGH

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can …

Dec 22, 2025
CVE-2023-53961
4.3 MEDIUM

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages …

Dec 22, 2025
CVE-2023-53960
9.8 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious …

Dec 22, 2025
CVE-2023-53955
9.8 CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the …

Dec 22, 2025
CVE-2022-50690
8.4 HIGH

Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with …

Dec 22, 2025
CVE-2022-50689
6.2 MEDIUM

Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can …

Dec 22, 2025
CVE-2022-50688
8.4 HIGH

Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can …

Dec 22, 2025
CVE-2022-50687
5.5 MEDIUM

Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers …

Dec 22, 2025
CVE-2021-47715
5.3 MEDIUM

Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit …

Dec 22, 2025
CVE-2021-47714
5.5 MEDIUM

Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can …

Dec 22, 2025
CVE-2021-47713
7.5 HIGH

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. …

Dec 22, 2025
CVE-2025-66736
7.1 HIGH

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which …

Dec 22, 2025
CVE-2025-66735
7.5 HIGH

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly …

Dec 22, 2025
CVE-2025-65817
8.8 HIGH

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in start_app.sh.

Dec 22, 2025
CVE-2025-67418
9.8 CRITICAL

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote …

Dec 22, 2025
CVE-2025-67291
6.1 MEDIUM

A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting …

Dec 22, 2025
CVE-2025-67290
6.1 MEDIUM

A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via …

Dec 22, 2025
CVE-2025-65837
5.4 MEDIUM

PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.

Dec 22, 2025
CVE-2025-65790
6.1 MEDIUM

A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or …

Dec 22, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.