CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-66044
9.8 CRITICAL

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to …

Dec 11, 2025
CVE-2025-66043
9.8 CRITICAL

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to …

Dec 11, 2025
CVE-2025-65474
9.8 CRITICAL

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP …

Dec 11, 2025
CVE-2025-65473
9.1 CRITICAL

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via …

Dec 11, 2025
CVE-2025-65472
8.8 HIGH

A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction …

Dec 11, 2025
CVE-2025-65471
8.8 HIGH

An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted …

Dec 11, 2025
CVE-2025-14528
5.3 MEDIUM

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The …

Dec 11, 2025
CVE-2025-14527
7.3 HIGH

A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view_book.php. Executing a manipulation of …

Dec 11, 2025
CVE-2025-14526
8.8 HIGH

A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument …

Dec 11, 2025
CVE-2024-8273
8.8 HIGH

Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.

Dec 11, 2025
CVE-2025-67742
3.8 LOW

In JetBrains TeamCity before 2025.11 path traversal was possible via file upload

Dec 11, 2025
CVE-2025-67741
4.6 MEDIUM

In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute

Dec 11, 2025
CVE-2025-67740
2.7 LOW

In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata

Dec 11, 2025
CVE-2025-67739
3.1 LOW

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure

Dec 11, 2025
CVE-2025-59803
5.3 MEDIUM

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute …

Dec 11, 2025
CVE-2025-59802
7.5 HIGH

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG …

Dec 11, 2025
CVE-2025-55314
7.8 HIGH

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are …

Dec 11, 2025
CVE-2025-55313
7.8 HIGH

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution …

Dec 11, 2025
CVE-2025-55312
7.8 HIGH

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via …

Dec 11, 2025
CVE-2025-55311
6.5 MEDIUM

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript …

Dec 11, 2025
CVE-2025-55310
7.3 HIGH

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or …

Dec 11, 2025
CVE-2025-55309
6.7 MEDIUM

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript …

Dec 11, 2025
CVE-2025-55308
6.7 MEDIUM

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. A crafted PDF containing JavaScript that calls closeDoc() …

Dec 11, 2025
CVE-2025-55307
3.3 LOW

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript …

Dec 11, 2025
CVE-2025-14522
6.3 MEDIUM

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the …

Dec 11, 2025
CVE-2025-14521
4.3 MEDIUM

A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation …

Dec 11, 2025
CVE-2025-14520
5.4 MEDIUM

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument …

Dec 11, 2025
CVE-2025-14519
3.5 LOW

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component …

Dec 11, 2025
CVE-2025-14518
6.3 MEDIUM

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. …

Dec 11, 2025
CVE-2025-14265
9.1 CRITICAL

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or …

Dec 11, 2025
CVE-2025-13124
7.6 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information Technologies Ltd. Co. ApplyLogic allows Exploitation of Trusted Identifiers.This issue affects ApplyLogic: through 01.12.2025.

Dec 11, 2025
CVE-2024-40593
6.0 MEDIUM

A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 …

Dec 11, 2025
CVE-2025-14517
5.3 MEDIUM

A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of …

Dec 11, 2025
CVE-2025-14516
6.3 MEDIUM

A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. …

Dec 11, 2025
CVE-2025-14523
8.2 HIGH

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies …

Dec 11, 2025
CVE-2025-14515
7.3 HIGH

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_unit.php. Such manipulation …

Dec 11, 2025
CVE-2025-13003
7.6 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers.This issue affects AxOnboard: from 3.2.0 before …

Dec 11, 2025
CVE-2025-64995
6.5 MEDIUM

A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path …

Dec 11, 2025
CVE-2025-64994
6.5 MEDIUM

A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search …

Dec 11, 2025
CVE-2025-64993
6.8 MEDIUM

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner …

Dec 11, 2025
CVE-2025-64992
6.8 MEDIUM

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers …

Dec 11, 2025
CVE-2025-64991
6.8 MEDIUM

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers …

Dec 11, 2025
CVE-2025-64990
6.8 MEDIUM

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers …

Dec 11, 2025
CVE-2025-64989
7.2 HIGH

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers …

Dec 11, 2025
CVE-2025-64988
7.2 HIGH

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers …

Dec 11, 2025
CVE-2025-64987
7.2 HIGH

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner …

Dec 11, 2025
CVE-2025-64986
7.2 HIGH

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers …

Dec 11, 2025
CVE-2025-46266
4.3 MEDIUM

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to coerce the …

Dec 11, 2025
CVE-2025-44016
8.8 HIGH

A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to bypass file …

Dec 11, 2025
CVE-2025-14514
7.3 HIGH

A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add_distributor.php. This manipulation of the argument …

Dec 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.