CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-58287
8.8 HIGH

reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can …

Dec 11, 2025
CVE-2024-58286

dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the …

Dec 11, 2025
CVE-2025-66590
9.8 CRITICAL

In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past …

Dec 11, 2025
CVE-2025-66589
9.1 CRITICAL

In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past …

Dec 11, 2025
CVE-2025-66588
9.8 CRITICAL

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code …

Dec 11, 2025
CVE-2025-66587

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Dec 11, 2025
CVE-2025-66586
7.8 HIGH

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially …

Dec 11, 2025
CVE-2025-66585
7.8 HIGH

In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. …

Dec 11, 2025
CVE-2025-66584

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Dec 11, 2025
CVE-2025-66429
8.8 HIGH

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. …

Dec 11, 2025
CVE-2025-64702
5.3 MEDIUM

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and …

Dec 11, 2025
CVE-2025-55816
6.1 MEDIUM

HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.

Dec 11, 2025
CVE-2025-14538
3.5 LOW

A security vulnerability has been detected in yangshare warehouseManager 仓库管理系统 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument …

Dec 11, 2025
CVE-2025-14537
7.3 HIGH

A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. …

Dec 11, 2025
CVE-2025-14293
6.5 MEDIUM

The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. …

Dec 11, 2025
CVE-2025-13664
6.7 MEDIUM

A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege.

Dec 11, 2025
CVE-2025-13663
6.7 MEDIUM

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation …

Dec 11, 2025
CVE-2025-55184
7.5 HIGH

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, …

Dec 11, 2025
CVE-2025-55183
5.3 MEDIUM

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: …

Dec 11, 2025
CVE-2025-36938
6.8 MEDIUM

In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of …

Dec 11, 2025
CVE-2025-36937
9.8 CRITICAL

In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution …

Dec 11, 2025
CVE-2025-36936
7.8 HIGH

In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege …

Dec 11, 2025
CVE-2025-36935
7.8 HIGH

In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional …

Dec 11, 2025
CVE-2025-36934
7.4 HIGH

In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with …

Dec 11, 2025
CVE-2025-36932
7.8 HIGH

In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no …

Dec 11, 2025
CVE-2025-36931
7.8 HIGH

In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …

Dec 11, 2025
CVE-2025-36930
7.8 HIGH

In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …

Dec 11, 2025
CVE-2025-36929
5.5 MEDIUM

In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional …

Dec 11, 2025
CVE-2025-36928
7.8 HIGH

In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Dec 11, 2025
CVE-2025-36927
7.8 HIGH

In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …

Dec 11, 2025
CVE-2025-36925
7.8 HIGH

In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …

Dec 11, 2025
CVE-2025-36924
8.0 HIGH

In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation …

Dec 11, 2025
CVE-2025-36923
8.0 HIGH

In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation …

Dec 11, 2025
CVE-2025-36922
6.7 MEDIUM

In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege in …

Dec 11, 2025
CVE-2025-36921
5.5 MEDIUM

In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure …

Dec 11, 2025
CVE-2025-36919
7.8 HIGH

In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional …

Dec 11, 2025
CVE-2025-36918
7.8 HIGH

In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege …

Dec 11, 2025
CVE-2025-36917
6.5 MEDIUM

In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service …

Dec 11, 2025
CVE-2025-36916
7.0 HIGH

In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no …

Dec 11, 2025
CVE-2025-36912
6.5 MEDIUM

In cellular modem, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of …

Dec 11, 2025
CVE-2025-36889
5.5 MEDIUM

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional …

Dec 11, 2025
CVE-2025-14536
7.3 HIGH

A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file …

Dec 11, 2025
CVE-2025-14535
9.8 CRITICAL

A vulnerability was identified in UTT 进取 512W up to 3.1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigFastDirectionW. The manipulation of the argument …

Dec 11, 2025
CVE-2025-13481
8.8 HIGH

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation …

Dec 11, 2025
CVE-2025-13214
7.6 HIGH

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker …

Dec 11, 2025
CVE-2025-13211
5.3 MEDIUM

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control …

Dec 11, 2025
CVE-2025-13148
8.1 HIGH

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password.

Dec 11, 2025
CVE-2024-42197
5.5 MEDIUM

HCL Workload Scheduler stores user credentials in plain text which can be read by a local user.

Dec 11, 2025
CVE-2025-56130
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua.

Dec 11, 2025
CVE-2025-56129
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua.

Dec 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.