CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-68457
6.1 MEDIUM

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by …

Dec 19, 2025
CVE-2025-66580
9.6 CRITICAL

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior …

Dec 19, 2025
CVE-2025-65035
6.4 MEDIUM

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version …

Dec 19, 2025
CVE-2025-63665
9.8 CRITICAL

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the …

Dec 19, 2025
CVE-2025-58053
9.8 CRITICAL

Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST …

Dec 19, 2025
CVE-2025-58052
8.1 HIGH

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role …

Dec 19, 2025
CVE-2025-14957
3.3 LOW

A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation …

Dec 19, 2025
CVE-2025-14956
5.3 MEDIUM

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes …

Dec 19, 2025
CVE-2025-14955
3.7 LOW

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. …

Dec 19, 2025
CVE-2025-14812
7.5 HIGH

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme …

Dec 19, 2025
CVE-2025-14809
7.4 HIGH

ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing …

Dec 19, 2025
CVE-2024-49587
9.1 CRITICAL

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit …

Dec 19, 2025
CVE-2023-30971
6.8 MEDIUM

Gotham Gaia application was found to be exposing multiple unauthenticated endpoints.

Dec 19, 2025
CVE-2025-67442
7.6 HIGH

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering …

Dec 19, 2025
CVE-2025-67048

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67039. Reason: This record is a reservation duplicate of CVE-2025-67039. Notes: All CVE users should reference …

Dec 19, 2025
CVE-2025-67047

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67036. Reason: This record is a reservation duplicate of CVE-2025-67036. Notes: All CVE users should reference …

Dec 19, 2025
CVE-2025-67046

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67037. Reason: This record is a reservation duplicate of CVE-2025-67037. Notes: All CVE users should reference …

Dec 19, 2025
CVE-2025-67045

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67041. Reason: This record is a reservation duplicate of CVE-2025-67041. Notes: All CVE users should reference …

Dec 19, 2025
CVE-2025-67044

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67035. Reason: This record is a reservation duplicate of CVE-2025-67035. Notes: All CVE users should reference …

Dec 19, 2025
CVE-2025-67043

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67038. Reason: This record is a reservation duplicate of CVE-2025-67038. Notes: All CVE users should reference …

Dec 19, 2025
CVE-2025-66906
6.1 MEDIUM

Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges.

Dec 19, 2025
CVE-2025-66905
7.5 HIGH

The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include …

Dec 19, 2025
CVE-2025-53922
4.9 MEDIUM

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged …

Dec 19, 2025
CVE-2025-34433

AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid(). The …

Dec 19, 2025
CVE-2025-14954
3.7 LOW

A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation …

Dec 19, 2025
CVE-2025-14953
3.1 LOW

A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing …

Dec 19, 2025
CVE-2025-66911
6.5 MEDIUM

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows …

Dec 19, 2025
CVE-2025-66910
6.0 MEDIUM

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within …

Dec 19, 2025
CVE-2025-66909
7.5 HIGH

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() …

Dec 19, 2025
CVE-2025-66908
5.3 MEDIUM

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the …

Dec 19, 2025
CVE-2025-50681
7.5 HIGH

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a …

Dec 19, 2025
CVE-2025-14952
7.3 HIGH

A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing a manipulation of the argument …

Dec 19, 2025
CVE-2025-14951
7.3 HIGH

A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation …

Dec 19, 2025
CVE-2025-14950
7.3 HIGH

A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of …

Dec 19, 2025
CVE-2025-1928
9.1 CRITICAL

Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.This issue affects Online Food Delivery …

Dec 19, 2025
CVE-2025-14946
4.8 MEDIUM

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This …

Dec 19, 2025
CVE-2025-14882

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible …

Dec 19, 2025
CVE-2025-14881

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible …

Dec 19, 2025
CVE-2025-1927
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Cross Site Request Forgery.This issue affects Online Food Delivery System: …

Dec 19, 2025
CVE-2025-1885
5.4 MEDIUM

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Phishing, Forceful Browsing.This issue affects Online Food …

Dec 19, 2025
CVE-2025-14847
7.5 HIGH KEV

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB …

Dec 19, 2025
CVE-2025-66524
8.8 HIGH

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state …

Dec 19, 2025
CVE-2025-14455
5.4 MEDIUM

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is …

Dec 19, 2025
CVE-2025-12361
4.3 MEDIUM

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, …

Dec 19, 2025
CVE-2025-14151
7.2 HIGH

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outbound_resource' parameter in the slimtrack AJAX action in all versions up …

Dec 19, 2025
CVE-2025-11747
6.4 MEDIUM

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 …

Dec 19, 2025
CVE-2025-66522
6.3 MEDIUM

A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize …

Dec 19, 2025
CVE-2025-66521
6.3 MEDIUM

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which …

Dec 19, 2025
CVE-2025-66520
6.3 MEDIUM

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized …

Dec 19, 2025
CVE-2025-66519
6.3 MEDIUM

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” …

Dec 19, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.