CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-12687
6.5 MEDIUM

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to cause a …

Dec 11, 2025
CVE-2025-64701
7.8 HIGH

QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the …

Dec 11, 2025
CVE-2025-12734
3.5 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have …

Dec 11, 2025
CVE-2025-12029
8.0 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, …

Dec 11, 2025
CVE-2025-67738
8.5 HIGH

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and …

Dec 11, 2025
CVE-2025-14512
6.5 MEDIUM

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) …

Dec 11, 2025
CVE-2025-8405
7.7 HIGH

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could …

Dec 11, 2025
CVE-2025-4097
6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have …

Dec 11, 2025
CVE-2025-11984
6.8 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have …

Dec 11, 2025
CVE-2025-11247
4.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have …

Dec 11, 2025
CVE-2025-9436
6.4 MEDIUM

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `trustindex` shortcode in all versions up to, and …

Dec 11, 2025
CVE-2025-67694

Rejected reason: Not used

Dec 11, 2025
CVE-2025-67693

Rejected reason: Not used

Dec 11, 2025
CVE-2025-67692

Rejected reason: Not used

Dec 11, 2025
CVE-2025-67691

Rejected reason: Not used

Dec 11, 2025
CVE-2025-67690

Rejected reason: Not used

Dec 11, 2025
CVE-2025-67689

Rejected reason: Not used

Dec 11, 2025
CVE-2025-67688

Rejected reason: Not used

Dec 11, 2025
CVE-2025-67687

Rejected reason: Not used

Dec 11, 2025
CVE-2025-67686

Rejected reason: Not used

Dec 11, 2025
CVE-2025-14157
6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have …

Dec 11, 2025
CVE-2025-13978
4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have …

Dec 11, 2025
CVE-2025-12716
8.7 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain …

Dec 11, 2025
CVE-2025-12562
7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have …

Dec 11, 2025
CVE-2025-10163
6.5 MEDIUM

The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘starting_with’ parameter of the catlist shortcode in all versions up …

Dec 11, 2025
CVE-2025-14485
5.0 MEDIUM

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.cgi of the component Administrator Password …

Dec 11, 2025
CVE-2025-13764
9.8 CRITICAL

The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' …

Dec 11, 2025
CVE-2025-11467
5.8 MEDIUM

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request …

Dec 11, 2025
CVE-2025-67720
6.5 MEDIUM

Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method …

Dec 11, 2025
CVE-2025-67719

Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 …

Dec 11, 2025
CVE-2025-67718

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling …

Dec 11, 2025
CVE-2025-67717
4.3 MEDIUM

ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, …

Dec 11, 2025
CVE-2025-67716
5.7 MEDIUM

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo …

Dec 11, 2025
CVE-2025-67713
6.1 MEDIUM

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. …

Dec 11, 2025
CVE-2025-67648
7.1 HIGH

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from …

Dec 11, 2025
CVE-2025-67646
3.5 LOW

TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. …

Dec 11, 2025
CVE-2025-67644
7.3 HIGH

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable …

Dec 11, 2025
CVE-2025-67514

Rejected reason: Vulnerability is dependency-based.

Dec 11, 2025
CVE-2025-67512

Rejected reason: The vulnerability is dependency-based.

Dec 11, 2025
CVE-2025-67511
9.6 CRITICAL

Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection …

Dec 11, 2025
CVE-2025-67513

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default …

Dec 10, 2025
CVE-2025-67510
9.4 CRITICAL

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller …

Dec 10, 2025
CVE-2025-67509
8.2 HIGH

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is …

Dec 10, 2025
CVE-2025-67505
8.4 HIGH

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the …

Dec 10, 2025
CVE-2025-67490
5.4 MEDIUM

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on …

Dec 10, 2025
CVE-2025-13923

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Dec 10, 2025
CVE-2025-12731

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Dec 10, 2025
CVE-2025-66628
7.5 HIGH

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains …

Dec 10, 2025
CVE-2025-66474
8.8 HIGH

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions …

Dec 10, 2025
CVE-2025-66473
7.5 HIGH

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce …

Dec 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.