CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-58317
5.3 MEDIUM

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework …

Dec 18, 2025
CVE-2023-53944
6.5 MEDIUM

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager …

Dec 18, 2025
CVE-2023-53943
5.3 MEDIUM

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email …

Dec 18, 2025
CVE-2023-53942
8.8 HIGH

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can …

Dec 18, 2025
CVE-2023-53941
9.8 CRITICAL

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control …

Dec 18, 2025
CVE-2023-53940
7.8 HIGH

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can …

Dec 18, 2025
CVE-2023-53939
5.4 MEDIUM

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album …

Dec 18, 2025
CVE-2023-53938
5.4 MEDIUM

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability …

Dec 18, 2025
CVE-2023-53937
7.8 HIGH

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate …

Dec 18, 2025
CVE-2023-53936
4.8 MEDIUM

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with …

Dec 18, 2025
CVE-2023-53935
5.4 MEDIUM

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject …

Dec 18, 2025
CVE-2023-53934
7.5 HIGH

A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation …

Dec 18, 2025
CVE-2023-53738
5.4 MEDIUM

A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to …

Dec 18, 2025
CVE-2023-53737
4.8 MEDIUM

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could …

Dec 18, 2025
CVE-2023-53736
5.4 MEDIUM

A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to …

Dec 18, 2025
CVE-2022-50686
7.5 HIGH

An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages …

Dec 18, 2025
CVE-2022-50685
5.4 MEDIUM

A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers …

Dec 18, 2025
CVE-2022-50684
6.1 MEDIUM

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values …

Dec 18, 2025
CVE-2022-50683
5.4 MEDIUM

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute …

Dec 18, 2025
CVE-2022-50682
6.5 MEDIUM

A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable …

Dec 18, 2025
CVE-2022-50681
6.1 MEDIUM

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers …

Dec 18, 2025
CVE-2022-50680
4.8 MEDIUM

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to …

Dec 18, 2025
CVE-2021-47712
7.5 HIGH

A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer …

Dec 18, 2025
CVE-2021-47711
8.8 HIGH

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database …

Dec 18, 2025
CVE-2020-36891
5.4 MEDIUM

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit …

Dec 18, 2025
CVE-2020-36890
7.2 HIGH

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator …

Dec 18, 2025
CVE-2020-36889
5.4 MEDIUM

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious …

Dec 18, 2025
CVE-2019-25230
4.3 MEDIUM

An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit …

Dec 18, 2025
CVE-2019-25229
8.8 HIGH

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader …

Dec 18, 2025
CVE-2019-25228
5.3 MEDIUM

An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. …

Dec 18, 2025
CVE-2025-67745
7.1 HIGH

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs …

Dec 18, 2025
CVE-2025-65568
7.5 HIGH

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR …

Dec 18, 2025
CVE-2025-65567
7.5 HIGH

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a …

Dec 18, 2025
CVE-2025-65565
7.5 HIGH

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is …

Dec 18, 2025
CVE-2025-65564
7.5 HIGH

A denial-of-service vulnerability exists in the omec-upf (upf-epc-pfcpiface) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory …

Dec 18, 2025
CVE-2025-65563
7.5 HIGH

A denial-of-service vulnerability exists in the omec-project UPF (component upf-epc/pfcpiface) up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request …

Dec 18, 2025
CVE-2025-65562
7.5 HIGH

The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send …

Dec 18, 2025
CVE-2025-65561
7.5 HIGH

An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header …

Dec 18, 2025
CVE-2025-65559
7.5 HIGH

An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF crashes with a reachable assertion in `lib/pfcp/context.c` (`ogs_pfcp_object_teid_hash_set`) …

Dec 18, 2025
CVE-2025-63387
7.5 HIGH

Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or …

Dec 18, 2025
CVE-2025-59949
5.3 MEDIUM

FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service …

Dec 18, 2025
CVE-2025-56157
9.8 CRITICAL

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that …

Dec 18, 2025
CVE-2025-14885
6.3 MEDIUM

A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads …

Dec 18, 2025
CVE-2025-14739

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution …

Dec 18, 2025
CVE-2025-14738
7.5 HIGH

Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.

Dec 18, 2025
CVE-2025-14737
8.0 HIGH

Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.

Dec 18, 2025
CVE-2025-66058
6.5 MEDIUM

Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg …

Dec 18, 2025
CVE-2025-64355
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: …

Dec 18, 2025
CVE-2025-64282
4.3 MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks radius-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Radius Blocks: from n/a …

Dec 18, 2025
CVE-2025-64236
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.

Dec 18, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.