CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-66502
6.3 MEDIUM

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which …

Dec 19, 2025
CVE-2025-66501
6.3 MEDIUM

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored …

Dec 19, 2025
CVE-2025-66500
6.3 MEDIUM

A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script …

Dec 19, 2025
CVE-2025-66499
7.8 HIGH

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the …

Dec 19, 2025
CVE-2025-66498
5.3 MEDIUM

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening …

Dec 19, 2025
CVE-2025-66497
5.3 MEDIUM

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening …

Dec 19, 2025
CVE-2025-66496
5.3 MEDIUM

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening …

Dec 19, 2025
CVE-2025-66495
7.8 HIGH

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF …

Dec 19, 2025
CVE-2025-66494
7.8 HIGH

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by …

Dec 19, 2025
CVE-2025-66493
7.8 HIGH

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening …

Dec 19, 2025
CVE-2025-66174
6.5 MEDIUM

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with …

Dec 19, 2025
CVE-2025-66173
6.2 MEDIUM

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with …

Dec 19, 2025
CVE-2025-14449
6.4 MEDIUM

The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's babe-search-form shortcode in all versions up to, and including, …

Dec 19, 2025
CVE-2025-14267
4.9 MEDIUM

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7

Dec 19, 2025
CVE-2025-13999
7.2 HIGH

The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions …

Dec 19, 2025
CVE-2025-13754
5.3 MEDIUM

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, …

Dec 19, 2025
CVE-2025-13008

An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using …

Dec 19, 2025
CVE-2025-13307
7.2 HIGH

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under …

Dec 19, 2025
CVE-2025-14546
6.3 MEDIUM

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during …

Dec 19, 2025
CVE-2025-68491

Rejected reason: Not used

Dec 19, 2025
CVE-2025-68490

Rejected reason: Not used

Dec 19, 2025
CVE-2025-68489

Rejected reason: Not used

Dec 19, 2025
CVE-2025-68488

Rejected reason: Not used

Dec 19, 2025
CVE-2025-68487

Rejected reason: Not used

Dec 19, 2025
CVE-2025-68486

Rejected reason: Not used

Dec 19, 2025
CVE-2025-68485

Rejected reason: Not used

Dec 19, 2025
CVE-2025-68484

Rejected reason: Not used

Dec 19, 2025
CVE-2025-68483

Rejected reason: Not used

Dec 19, 2025
CVE-2025-14940
7.3 HIGH

A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the …

Dec 19, 2025
CVE-2025-14939
4.7 MEDIUM

A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument …

Dec 19, 2025
CVE-2025-67846
4.9 MEDIUM

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the …

Dec 19, 2025
CVE-2025-67845
6.4 MEDIUM

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML …

Dec 19, 2025
CVE-2025-67844
5.0 MEDIUM

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It …

Dec 19, 2025
CVE-2025-67843
8.3 HIGH

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline …

Dec 19, 2025
CVE-2025-67842
6.4 MEDIUM

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any …

Dec 19, 2025
CVE-2025-52692
8.8 HIGH

Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without …

Dec 19, 2025
CVE-2025-14910
4.3 MEDIUM

A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. …

Dec 19, 2025
CVE-2025-14909
4.3 MEDIUM

A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead …

Dec 19, 2025
CVE-2025-13941
8.8 HIGH

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used …

Dec 19, 2025
CVE-2025-14908
6.3 MEDIUM

A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component …

Dec 19, 2025
CVE-2025-14900
4.7 MEDIUM

A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /admin/userdelete.php of the component …

Dec 19, 2025
CVE-2025-14899
4.7 MEDIUM

A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /admin/stateadd.php of the component Administrator …

Dec 19, 2025
CVE-2025-14733
9.8 CRITICAL KEV

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User …

Dec 19, 2025
CVE-2025-11774
8.2 HIGH

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") …

Dec 19, 2025
CVE-2025-64675
8.3 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.

Dec 19, 2025
CVE-2025-14898
4.7 MEDIUM

A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /admin/userbuilderdelete.php of the component …

Dec 19, 2025
CVE-2025-14897
4.7 MEDIUM

A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component …

Dec 19, 2025
CVE-2025-68422
4.3 MEDIUM

Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP …

Dec 18, 2025
CVE-2025-68398
9.1 CRITICAL

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its …

Dec 18, 2025
CVE-2025-68390
4.9 MEDIUM

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of …

Dec 18, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.