CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-68155
7.5 HIGH

@vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in `@vitejs/plugin-rsc` allows unauthenticated arbitrary file read during development …

Dec 16, 2025
CVE-2025-68154
8.1 HIGH

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command …

Dec 16, 2025
CVE-2025-68150
6.5 MEDIUM

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the …

Dec 16, 2025
CVE-2025-68146
6.3 MEDIUM

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate …

Dec 16, 2025
CVE-2025-65593
8.8 HIGH

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality.

Dec 16, 2025
CVE-2025-65592
6.1 MEDIUM

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields …

Dec 16, 2025
CVE-2025-65591
5.4 MEDIUM

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.

Dec 16, 2025
CVE-2025-65590
5.4 MEDIUM

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area.

Dec 16, 2025
CVE-2025-14553

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force …

Dec 16, 2025
CVE-2025-68142
5.3 MEDIUM

PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption …

Dec 16, 2025
CVE-2025-65589
6.1 MEDIUM

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality.

Dec 16, 2025
CVE-2025-65581
5.3 MEDIUM

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in …

Dec 16, 2025
CVE-2025-62864
9.8 CRITICAL

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM …

Dec 16, 2025
CVE-2025-62863
9.8 CRITICAL

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM …

Dec 16, 2025
CVE-2025-52196
7.5 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted …

Dec 16, 2025
CVE-2025-46296
5.4 MEDIUM

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and …

Dec 16, 2025
CVE-2025-46295
9.8 CRITICAL

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some …

Dec 16, 2025
CVE-2025-46294
5.3 MEDIUM

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. …

Dec 16, 2025
CVE-2025-33235
7.8 HIGH

NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this …

Dec 16, 2025
CVE-2025-33226
7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of …

Dec 16, 2025
CVE-2025-33225
8.4 HIGH

NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability …

Dec 16, 2025
CVE-2025-33212
7.3 HIGH

NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously …

Dec 16, 2025
CVE-2025-33210
9.0 CRITICAL

NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.

Dec 16, 2025
CVE-2023-53900
8.8 HIGH

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking …

Dec 16, 2025
CVE-2023-53896
7.5 HIGH

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit …

Dec 16, 2025
CVE-2025-68130

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and …

Dec 16, 2025
CVE-2025-68116
8.9 HIGH

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling …

Dec 16, 2025
CVE-2025-63414
10.0 CRITICAL

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP …

Dec 16, 2025
CVE-2025-62862
4.6 MEDIUM

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM …

Dec 16, 2025
CVE-2025-59935
6.5 MEDIUM

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an …

Dec 16, 2025
CVE-2025-50401
9.8 CRITICAL

Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password.

Dec 16, 2025
CVE-2025-50398
9.8 CRITICAL

Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter fac_password.

Dec 16, 2025
CVE-2025-37164
10.0 CRITICAL KEV

A remote code execution issue exists in HPE OneView.

Dec 16, 2025
CVE-2025-29231
6.1 MEDIUM

A stored cross-site scripting (XSS) vulnerability in the page_save component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a …

Dec 16, 2025
CVE-2023-53903
5.4 MEDIUM

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG …

Dec 16, 2025
CVE-2023-53902
6.5 MEDIUM

WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET …

Dec 16, 2025
CVE-2023-53901
5.4 MEDIUM

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a …

Dec 16, 2025
CVE-2023-53899
9.8 CRITICAL

PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' …

Dec 16, 2025
CVE-2023-53898
5.4 MEDIUM

Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application …

Dec 16, 2025
CVE-2023-53897
5.4 MEDIUM

Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments …

Dec 16, 2025
CVE-2023-53895
9.8 CRITICAL

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit …

Dec 16, 2025
CVE-2023-53894
9.8 CRITICAL

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft …

Dec 16, 2025
CVE-2025-68322

In the Linux kernel, the following vulnerability has been resolved: parisc: Avoid crash due to unaligned access in unwinder Guenter Roeck reported this kernel crash …

Dec 16, 2025
CVE-2025-68321

In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN for ATOMIC allocations Driver authors often forget to add GFP_NOWARN for …

Dec 16, 2025
CVE-2025-68320

In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context The following warning was seen when we try to …

Dec 16, 2025
CVE-2025-68319

In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire su_mutex before navigating configs hierarchy There is a race between operations that iterate …

Dec 16, 2025
CVE-2025-68318

In the Linux kernel, the following vulnerability has been resolved: clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL The AXI crossbar of TH1520 has …

Dec 16, 2025
CVE-2025-68317

In the Linux kernel, the following vulnerability has been resolved: io_uring/zctx: check chained notif contexts Send zc only links ubuf_info for requests coming from the …

Dec 16, 2025
CVE-2025-68316

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value After DME Link Startup, the error …

Dec 16, 2025
CVE-2025-68315

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in free_nid_list As reported, on-disk footer.ino and footer.nid …

Dec 16, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.