CVE Database

37788+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-23094
7.3 HIGH

The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and …

Feb 6, 2025
CVE-2024-54171
7.1 HIGH

IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to …

Feb 6, 2025
CVE-2025-23093
8.8 HIGH

The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct …

Feb 6, 2025
CVE-2024-57426
7.3 HIGH

NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where …

Feb 6, 2025
CVE-2024-47258
8.1 HIGH

2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N …

Feb 6, 2025
CVE-2025-24787
8.6 HIGH

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an …

Feb 6, 2025
CVE-2024-57668
8.8 HIGH

In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability.

Feb 6, 2025
CVE-2025-22867
7.5 HIGH

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of …

Feb 6, 2025
CVE-2024-57610
7.5 HIGH

A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account …

Feb 6, 2025
CVE-2024-36558
7.5 HIGH

Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication.

Feb 6, 2025
CVE-2024-36553
8.1 HIGH

Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack.

Feb 6, 2025
CVE-2024-43779
7.7 HIGH

An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults …

Feb 6, 2025
CVE-2024-39033
7.5 HIGH

In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen.

Feb 6, 2025
CVE-2025-0994
8.8 HIGH KEV

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an …

Feb 6, 2025
CVE-2022-31764
8.5 HIGH

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects …

Feb 6, 2025
CVE-2024-57960
7.7 HIGH

Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Feb 6, 2025
CVE-2024-37358
8.6 HIGH

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could …

Feb 6, 2025
CVE-2025-23236
8.8 HIGH

Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system …

Feb 6, 2025
CVE-2025-22894
8.8 HIGH

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the …

Feb 6, 2025
CVE-2025-20094
8.8 HIGH

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the …

Feb 6, 2025
CVE-2025-22890
8.8 HIGH

Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the …

Feb 6, 2025
CVE-2024-13487
7.3 HIGH

The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is …

Feb 6, 2025
CVE-2024-49814
7.8 HIGH

IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.

Feb 6, 2025
CVE-2024-57699
7.5 HIGH

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a …

Feb 5, 2025
CVE-2024-57086
7.5 HIGH

A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57085
7.5 HIGH

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57084
7.5 HIGH

A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57081
7.5 HIGH

A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57080
7.5 HIGH

A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57079
7.5 HIGH

A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57078
7.5 HIGH

A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57076
7.5 HIGH

A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57075
7.5 HIGH

A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57074
7.5 HIGH

A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57072
7.5 HIGH

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57071
7.5 HIGH

A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57069
7.5 HIGH

A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57068
7.5 HIGH

A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57067
7.5 HIGH

A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57066
7.5 HIGH

A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57065
7.5 HIGH

A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-57064
7.5 HIGH

A prototype pollution in the lib.setValue function of @syncfusion/ej2-spreadsheet v27.2.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. NOTE: …

Feb 5, 2025
CVE-2024-57063
7.5 HIGH

A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Feb 5, 2025
CVE-2024-48394
7.8 HIGH

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit …

Feb 5, 2025
CVE-2025-24372
7.3 HIGH

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload …

Feb 5, 2025
CVE-2025-24497
7.5 HIGH

When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical …

Feb 5, 2025
CVE-2025-24326
7.5 HIGH

When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions …

Feb 5, 2025
CVE-2025-24320
8.0 HIGH

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the …

Feb 5, 2025
CVE-2025-24312
7.5 HIGH

When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed …

Feb 5, 2025
CVE-2025-23412
7.5 HIGH

When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End …

Feb 5, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.