CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-27708
9.6 CRITICAL

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter.

Dec 22, 2025
CVE-2024-25812
6.1 MEDIUM

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter.

Dec 22, 2025
CVE-2025-67288
10.0 CRITICAL

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed …

Dec 22, 2025
CVE-2025-63664
7.5 HIGH

Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI …

Dec 22, 2025
CVE-2025-63663
7.5 HIGH

Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.

Dec 22, 2025
CVE-2025-63662
7.5 HIGH

Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.

Dec 22, 2025
CVE-2025-26787
4.7 MEDIUM

An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate …

Dec 22, 2025
CVE-2025-15033
6.5 MEDIUM

A vulnerability in WooCommerce 8.1 to 10.4.2 can allow logged-in customers to access order data of guest customers on sites with a certain configuration. This …

Dec 22, 2025
CVE-2024-35321
4.3 MEDIUM

MyNET up to v26.08 was discovered to contain a Reflected cross-site scripting (XSS) vulnerability via the msgtipo parameter.

Dec 22, 2025
CVE-2024-25814
6.1 MEDIUM

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.

Dec 22, 2025
CVE-2025-68645
8.8 HIGH KEV

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied …

Dec 22, 2025
CVE-2025-67289
9.6 CRITICAL

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

Dec 22, 2025
CVE-2025-65270
6.1 MEDIUM

Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the …

Dec 22, 2025
CVE-2025-68337

In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: …

Dec 22, 2025
CVE-2025-68336

In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in do_raw_write_lock KCSAN reports: BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock write …

Dec 22, 2025
CVE-2025-68335

In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems …

Dec 22, 2025
CVE-2025-68334

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Add support for Van Gogh SoC The ROG Xbox Ally (non-X) SoC features a …

Dec 22, 2025
CVE-2025-68333
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix possible deadlock in the deferred_irq_workfn() For PREEMPT_RT=y kernels, the deferred_irq_workfn() is executed in …

Dec 22, 2025
CVE-2025-68332

In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be …

Dec 22, 2025
CVE-2025-68331

In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data …

Dec 22, 2025
CVE-2025-68330

In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in …

Dec 22, 2025
CVE-2025-68329

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs When a VMA is split (e.g., by …

Dec 22, 2025
CVE-2025-68328

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platform_set_drvdata and …

Dec 22, 2025
CVE-2025-68327

In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the …

Dec 22, 2025
CVE-2025-68326

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stack_depot usage Add missing stack_depot_init() call when CONFIG_DRM_XE_DEBUG_GUC is enabled to fix the …

Dec 22, 2025
CVE-2025-67443
6.1 MEDIUM

Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in …

Dec 22, 2025
CVE-2025-10021

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` …

Dec 22, 2025
CVE-2025-67826
7.7 HIGH

An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by …

Dec 22, 2025
CVE-2025-61740

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration …

Dec 22, 2025
CVE-2025-26379

Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.

Dec 22, 2025
CVE-2025-14018
7.3 HIGH

Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries.This issue affects e-Fatura: …

Dec 22, 2025
CVE-2025-14273
7.2 HIGH

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 …

Dec 22, 2025
CVE-2025-8460
6.8 MEDIUM

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS …

Dec 22, 2025
CVE-2025-61739

Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.

Dec 22, 2025
CVE-2025-61738

Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network.

Dec 22, 2025
CVE-2025-54890
6.8 MEDIUM

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users …

Dec 22, 2025
CVE-2025-12514
7.2 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets …

Dec 22, 2025
CVE-2025-62880
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in Kunal Custom 404 Pro custom-404-pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through <= …

Dec 22, 2025
CVE-2025-62107
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page feather-login-page allows Cross Site Request Forgery.This issue affects Feather Login Page: from n/a through <= …

Dec 22, 2025
CVE-2025-62094
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidthemes Void Elementor WHMCS Elements For Elementor Page Builder void-elementor-whmcs-elements.This issue affects Void …

Dec 22, 2025
CVE-2025-8305
6.5 MEDIUM

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in …

Dec 22, 2025
CVE-2025-8304
6.5 MEDIUM

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows …

Dec 22, 2025
CVE-2025-11545

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server …

Dec 22, 2025
CVE-2025-11544

Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.

Dec 22, 2025
CVE-2025-15014
6.3 MEDIUM

A security flaw has been discovered in loganhong php loganSite up to c035fb5c3edd0b2a5e32fd4051cbbc9e61a31426. This affects an unknown function of the file /includes/article_detail.php of the component …

Dec 22, 2025
CVE-2025-15013
5.3 MEDIUM

A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to …

Dec 22, 2025
CVE-2025-15012
7.3 HIGH

A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of …

Dec 22, 2025
CVE-2025-12049
9.8 CRITICAL

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of …

Dec 22, 2025
CVE-2025-11543
9.8 CRITICAL

Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.

Dec 22, 2025
CVE-2025-11542
9.8 CRITICAL

Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.

Dec 22, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.