CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-2915
3.3 LOW

A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of …

Mar 28, 2025
CVE-2025-2914
3.3 LOW

A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of …

Mar 28, 2025
CVE-2025-2913
3.3 LOW

A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the …

Mar 28, 2025
CVE-2025-2912
3.3 LOW

A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the …

Mar 28, 2025
CVE-2025-27726
2.1 LOW

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of …

Mar 28, 2025
CVE-2025-27574
3.6 LOW

Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may …

Mar 28, 2025
CVE-2025-2878
2.4 LOW

A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …

Mar 27, 2025
CVE-2024-55070
3.1 LOW

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.

Mar 27, 2025
CVE-2025-2849
3.3 LOW

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation …

Mar 27, 2025
CVE-2024-9773
3.7 LOW

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting …

Mar 27, 2025
CVE-2025-31141
2.7 LOW

In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page

Mar 27, 2025
CVE-2025-30877
2.7 LOW

Missing Authorization vulnerability in fatcatapps Quiz Cat quiz-cat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz Cat: from n/a through <= 3.0.8.

Mar 27, 2025
CVE-2025-20233
2.5 LOW

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a …

Mar 26, 2025
CVE-2025-31160
2.9 LOW

atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by …

Mar 26, 2025
CVE-2025-30351
3.5 LOW

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user …

Mar 26, 2025
CVE-2025-2528
3.6 LOW

Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one …

Mar 26, 2025
CVE-2025-1911
2.7 LOW

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file …

Mar 26, 2025
CVE-2024-12683
3.5 LOW

The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as …

Mar 26, 2025
CVE-2025-1452
3.5 LOW

The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to …

Mar 25, 2025
CVE-2025-0717
3.5 LOW

To exploit the vulnerability, it is necessary:

Mar 25, 2025
CVE-2024-13123
3.5 LOW

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to …

Mar 25, 2025
CVE-2024-13122
3.5 LOW

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to …

Mar 25, 2025
CVE-2024-12769
3.5 LOW

The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin …

Mar 25, 2025
CVE-2024-10560
3.5 LOW

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such …

Mar 25, 2025
CVE-2024-10554
3.5 LOW

The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin …

Mar 25, 2025
CVE-2025-2716
2.7 LOW

A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation …

Mar 24, 2025
CVE-2025-2715
3.5 LOW

A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the …

Mar 24, 2025
CVE-2025-30163
3.4 LOW

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node …

Mar 24, 2025
CVE-2025-30162
3.2 LOW

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and …

Mar 24, 2025
CVE-2025-2700
3.5 LOW

A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link …

Mar 24, 2025
CVE-2025-2699
3.5 LOW

A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of …

Mar 24, 2025
CVE-2025-1203
3.5 LOW

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege …

Mar 24, 2025
CVE-2025-1062
3.5 LOW

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege …

Mar 24, 2025
CVE-2024-13124
3.5 LOW

The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such …

Mar 24, 2025
CVE-2024-10558
3.5 LOW

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such …

Mar 24, 2025
CVE-2025-2673
3.5 LOW

A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation …

Mar 24, 2025
CVE-2025-2650
3.5 LOW

A vulnerability, which was classified as problematic, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the …

Mar 23, 2025
CVE-2025-2645
3.5 LOW

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file …

Mar 23, 2025
CVE-2025-2623
3.5 LOW

A vulnerability was found in westboy CicadasCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file …

Mar 22, 2025
CVE-2025-2617
2.4 LOW

A vulnerability classified as problematic was found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected by this vulnerability is an unknown functionality of the component Department …

Mar 22, 2025
CVE-2025-1972
2.7 LOW

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() …

Mar 22, 2025
CVE-2025-2616
2.4 LOW

A vulnerability classified as problematic has been found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected is an unknown function of the component Role Management Page. …

Mar 22, 2025
CVE-2025-2590
2.4 LOW

A vulnerability was found in code-projects Human Resource Management System 1.0.1. It has been classified as problematic. Affected is the function UpdateRecruitmentById of the file …

Mar 21, 2025
CVE-2025-2588
3.3 LOW

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation …

Mar 21, 2025
CVE-2025-27715
3.3 LOW

Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining …

Mar 21, 2025
CVE-2025-2583
3.5 LOW

A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation …

Mar 21, 2025
CVE-2025-2582
3.5 LOW

A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The …

Mar 21, 2025
CVE-2025-30345
3.5 LOW

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of …

Mar 21, 2025
CVE-2025-30343
3.0 LOW

A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users …

Mar 21, 2025
CVE-2025-2555
2.9 LOW

A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. …

Mar 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.