CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-62190
4.3 MEDIUM

Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget …

Dec 17, 2025
CVE-2025-61736

Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.

Dec 17, 2025
CVE-2025-14097
7.2 HIGH

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. …

Dec 17, 2025
CVE-2025-14096
8.4 HIGH

A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is …

Dec 17, 2025
CVE-2025-13352
3.0 LOW

Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack …

Dec 17, 2025
CVE-2025-67895
9.8 CRITICAL

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it …

Dec 17, 2025
CVE-2025-14095
6.8 MEDIUM

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the …

Dec 17, 2025
CVE-2025-14101
7.1 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers.This issue affects PaperWork: from 5.2.0.9427 before 6.0.

Dec 17, 2025
CVE-2025-14347
6.3 MEDIUM

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. OBS (Student Affairs Information System)0 allows Reflected XSS.This …

Dec 17, 2025
CVE-2025-14399
4.3 MEDIUM

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, …

Dec 17, 2025
CVE-2025-12496
4.9 MEDIUM

The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the `file` parameter. This …

Dec 17, 2025
CVE-2025-14817
6.5 MEDIUM

The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging …

Dec 17, 2025
CVE-2025-14061
5.3 MEDIUM

The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent plugin for WordPress is vulnerable …

Dec 17, 2025
CVE-2025-13750
4.3 MEDIUM

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a …

Dec 17, 2025
CVE-2025-11924
7.5 HIGH

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up …

Dec 17, 2025
CVE-2025-14154
6.1 MEDIUM

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via guest display …

Dec 17, 2025
CVE-2025-64700
4.3 MEDIUM

Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked …

Dec 17, 2025
CVE-2025-59374
9.8 CRITICAL KEV

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds …

Dec 17, 2025
CVE-2025-14385
6.4 MEDIUM

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 10.2.3 …

Dec 17, 2025
CVE-2025-13880
6.5 MEDIUM

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) plugin for WordPress is vulnerable …

Dec 17, 2025
CVE-2025-13861
6.1 MEDIUM

The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 …

Dec 17, 2025
CVE-2025-11901

An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series …

Dec 17, 2025
CVE-2025-11775

An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to …

Dec 17, 2025
CVE-2025-14305
7.8 HIGH

ListCheck.exe developed by Acer has a Local Privilege Escalation vulnerability. Authenticated local attackers can replace ListCheck.exe with a malicious executable of the same name, which …

Dec 17, 2025
CVE-2025-14304
6.8 MEDIUM

Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd. has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated …

Dec 17, 2025
CVE-2025-13977
6.4 MEDIUM

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in …

Dec 17, 2025
CVE-2025-14303
6.8 MEDIUM

Certain motherboard models developed by MSI has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable …

Dec 17, 2025
CVE-2025-14302
6.8 MEDIUM

Certain motherboard models developed by GIGABYTE has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable …

Dec 17, 2025
CVE-2025-14801
2.4 LOW

A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the …

Dec 17, 2025
CVE-2025-11369
4.3 MEDIUM

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a …

Dec 17, 2025
CVE-2025-11009
5.1 MEDIUM

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows …

Dec 17, 2025
CVE-2025-53524
7.8 HIGH

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary …

Dec 17, 2025
CVE-2025-14701
7.1 HIGH

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.

Dec 17, 2025
CVE-2025-14700
9.9 CRITICAL

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side …

Dec 17, 2025
CVE-2025-34288
6.7 MEDIUM

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A …

Dec 16, 2025
CVE-2025-14766
8.8 HIGH

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a …

Dec 16, 2025
CVE-2025-14765
8.8 HIGH

Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Dec 16, 2025
CVE-2025-68274
7.5 HIGH

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference …

Dec 16, 2025
CVE-2025-64520
6.5 MEDIUM

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API …

Dec 16, 2025
CVE-2025-53619
7.4 HIGH

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An …

Dec 16, 2025
CVE-2025-53618
7.4 HIGH

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An …

Dec 16, 2025
CVE-2025-52582
7.4 HIGH

An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An …

Dec 16, 2025
CVE-2025-48429
7.4 HIGH

An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An …

Dec 16, 2025
CVE-2025-14466
5.3 MEDIUM

A vulnerability in the web interface of the Güralp Fortimus Series, Minimus Series and Certimus Series allows an unauthenticated attacker with network access to send …

Dec 16, 2025
CVE-2025-0852

Rejected reason: Voluntarily withdrawn

Dec 16, 2025
CVE-2025-8872
6.5 MEDIUM

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may …

Dec 16, 2025
CVE-2025-65834
9.8 CRITICAL

Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By …

Dec 16, 2025
CVE-2025-13532
6.2 MEDIUM

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This …

Dec 16, 2025
CVE-2025-68270
9.9 CRITICAL

The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if …

Dec 16, 2025
CVE-2025-68156
7.5 HIGH

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and …

Dec 16, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.