CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-66449
8.8 HIGH

ConvertXis a self-hosted online file converter. In versions prior to 0.16.0, the endpoint `/upload` allows an authenticated user to write arbitrary files on the system, …

Dec 16, 2025
CVE-2025-14758
6.5 MEDIUM

Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including …

Dec 16, 2025
CVE-2025-9460
7.8 HIGH

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-9459
7.8 HIGH

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-9457
7.8 HIGH

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-9456
7.8 HIGH

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-9455
7.8 HIGH

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-9454
7.8 HIGH

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-9453
7.8 HIGH

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-9452
7.8 HIGH

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-66482
6.5 MEDIUM

Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can …

Dec 16, 2025
CVE-2025-66407
5.0 MEDIUM

Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a …

Dec 16, 2025
CVE-2025-66402
6.5 MEDIUM

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission …

Dec 16, 2025
CVE-2025-58173
8.8 HIGH

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the `language` user configuration parameter, it's possible to …

Dec 16, 2025
CVE-2025-14731
6.3 MEDIUM

A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component …

Dec 16, 2025
CVE-2025-14593
7.8 HIGH

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10900
7.8 HIGH

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10899
7.8 HIGH

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10898
7.8 HIGH

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10889
7.8 HIGH

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10888
7.8 HIGH

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10887
7.8 HIGH

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10886
7.8 HIGH

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10884
7.8 HIGH

AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10883
7.8 HIGH

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10882
7.8 HIGH

AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Dec 16, 2025
CVE-2025-10881
7.8 HIGH

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to …

Dec 16, 2025
CVE-2025-9122
5.3 MEDIUM

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when …

Dec 15, 2025
CVE-2025-9121
8.8 HIGH

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to …

Dec 15, 2025
CVE-2025-14730
4.7 MEDIUM

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/Ct_Config.php …

Dec 15, 2025
CVE-2025-14729
4.7 MEDIUM

A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/Ct_App.php of the …

Dec 15, 2025
CVE-2025-64725
9.8 CRITICAL

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version …

Dec 15, 2025
CVE-2025-59947
9.0 CRITICAL

NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both …

Dec 15, 2025
CVE-2025-55895
9.1 CRITICAL

TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).

Dec 15, 2025
CVE-2025-14722
2.4 LOW

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation …

Dec 15, 2025
CVE-2023-53893
6.5 MEDIUM

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers …

Dec 15, 2025
CVE-2023-53892
7.2 HIGH

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can …

Dec 15, 2025
CVE-2023-53891
5.4 MEDIUM

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads …

Dec 15, 2025
CVE-2023-53890
5.4 MEDIUM

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG …

Dec 15, 2025
CVE-2023-53889
7.2 HIGH

Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can …

Dec 15, 2025
CVE-2023-53888
8.8 HIGH

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can …

Dec 15, 2025
CVE-2023-53887
5.4 MEDIUM

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source …

Dec 15, 2025
CVE-2023-53886
7.5 HIGH

Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger …

Dec 15, 2025
CVE-2023-53885
7.2 HIGH

Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR …

Dec 15, 2025
CVE-2023-53884
5.4 MEDIUM

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted …

Dec 15, 2025
CVE-2023-53883
7.2 HIGH

Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a …

Dec 15, 2025
CVE-2023-53882

JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious …

Dec 15, 2025
CVE-2023-53881
8.1 HIGH

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a …

Dec 15, 2025
CVE-2023-53880

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads …

Dec 15, 2025
CVE-2023-53879
5.5 MEDIUM

NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 …

Dec 15, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.