CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-68110
9.9 CRITICAL

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, username, and …

Dec 17, 2025
CVE-2025-68109
9.1 CRITICAL

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of …

Dec 17, 2025
CVE-2025-67877
8.8 HIGH

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 have a SQL injection vulnerability in the `src/CartToFamily.php` file, specifically in how the `PersonAddress` …

Dec 17, 2025
CVE-2025-67876
5.4 MEDIUM

ChurchCRM is an open-source church management system. A stored cross-site scripting (XSS) vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user …

Dec 17, 2025
CVE-2025-67875
5.4 MEDIUM

ChurchCRM is an open-source church management system. A privilege escalation vulnerability exists in ChurchCRM prior to version 6.5.3. An authenticated user with specific mid-level permissions …

Dec 17, 2025
CVE-2025-67873
4.8 MEDIUM

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more …

Dec 17, 2025
CVE-2025-67794
6.1 MEDIUM

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created …

Dec 17, 2025
CVE-2025-67791
9.8 CRITICAL

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows …

Dec 17, 2025
CVE-2025-14832
7.3 HIGH

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of …

Dec 17, 2025
CVE-2025-67793
9.8 CRITICAL

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can …

Dec 17, 2025
CVE-2025-67792
7.8 HIGH

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to …

Dec 17, 2025
CVE-2025-67790
7.5 HIGH

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen …

Dec 17, 2025
CVE-2025-67789
5.3 MEDIUM

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other …

Dec 17, 2025
CVE-2025-67493
7.5 HIGH

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups …

Dec 17, 2025
CVE-2025-66647
9.8 CRITICAL

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was …

Dec 17, 2025
CVE-2025-59849
4.7 MEDIUM

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code …

Dec 17, 2025
CVE-2025-55254
3.7 LOW

Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in …

Dec 17, 2025
CVE-2025-53000
7.8 HIGH

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows …

Dec 17, 2025
CVE-2025-46292
5.5 MEDIUM

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app …

Dec 17, 2025
CVE-2025-46291
7.8 HIGH

A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks.

Dec 17, 2025
CVE-2025-46288
5.5 MEDIUM

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. …

Dec 17, 2025
CVE-2025-46283
5.5 MEDIUM

A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.2. An app may be able to …

Dec 17, 2025
CVE-2025-46282
5.5 MEDIUM

The issue was addressed with additional permissions checks. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. An app may be able to access …

Dec 17, 2025
CVE-2025-46281
8.8 HIGH

A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of …

Dec 17, 2025
CVE-2025-46279
3.3 LOW

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe …

Dec 17, 2025
CVE-2025-46278
5.5 MEDIUM

The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected …

Dec 17, 2025
CVE-2025-46277
3.3 LOW

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An …

Dec 17, 2025
CVE-2025-43541
4.3 MEDIUM

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and …

Dec 17, 2025
CVE-2025-43536
4.3 MEDIUM

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS …

Dec 17, 2025
CVE-2025-43535
4.3 MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, …

Dec 17, 2025
CVE-2025-43533
5.7 MEDIUM

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia …

Dec 17, 2025
CVE-2025-43531
3.1 LOW

A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS …

Dec 17, 2025
CVE-2025-43529
8.8 HIGH KEV

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS …

Dec 17, 2025
CVE-2025-43526
9.8 CRITICAL

This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, …

Dec 17, 2025
CVE-2025-43514
5.5 MEDIUM

The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected …

Dec 17, 2025
CVE-2025-43501
4.3 MEDIUM

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and …

Dec 17, 2025
CVE-2025-43475
5.5 MEDIUM

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to …

Dec 17, 2025
CVE-2025-43428
9.8 CRITICAL

A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Photos in …

Dec 17, 2025
CVE-2025-14764
5.3 MEDIUM

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce …

Dec 17, 2025
CVE-2025-14763
5.3 MEDIUM

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce …

Dec 17, 2025
CVE-2025-14762
5.3 MEDIUM

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new …

Dec 17, 2025
CVE-2025-14761
5.3 MEDIUM

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new …

Dec 17, 2025
CVE-2025-67787
9.6 CRITICAL

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock Operations Center allows for session takeover over a network.

Dec 17, 2025
CVE-2025-67781
9.9 CRITICAL

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain …

Dec 17, 2025
CVE-2025-67074
6.5 MEDIUM

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code …

Dec 17, 2025
CVE-2025-67073
9.8 CRITICAL

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code …

Dec 17, 2025
CVE-2025-66646
7.5 HIGH

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was …

Dec 17, 2025
CVE-2025-66397
8.3 HIGH

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from …

Dec 17, 2025
CVE-2025-66396
7.2 HIGH

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the `src/UserEditor.php` file. When an administrator saves a …

Dec 17, 2025
CVE-2025-65233
6.1 MEDIUM

Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF' ] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript …

Dec 17, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.