CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-66472
6.1 MEDIUM

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 …

Dec 10, 2025
CVE-2025-66033
5.3 MEDIUM

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads …

Dec 10, 2025
CVE-2025-65297
7.5 HIGH

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this …

Dec 10, 2025
CVE-2025-65296
6.5 MEDIUM

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed …

Dec 10, 2025
CVE-2025-65295
8.1 HIGH

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to …

Dec 10, 2025
CVE-2025-65294
9.8 CRITICAL

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command …

Dec 10, 2025
CVE-2025-65293
6.6 MEDIUM

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup …

Dec 10, 2025
CVE-2025-65292
7.3 HIGH

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands …

Dec 10, 2025
CVE-2025-65291
7.4 HIGH

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services …

Dec 10, 2025
CVE-2025-65290
7.4 HIGH

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing …

Dec 10, 2025
CVE-2024-58285
5.4 MEDIUM

Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the …

Dec 10, 2025
CVE-2024-58284
7.2 HIGH

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can …

Dec 10, 2025
CVE-2024-58283
8.8 HIGH

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers …

Dec 10, 2025
CVE-2024-58282
7.2 HIGH

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit …

Dec 10, 2025
CVE-2024-58281
8.8 HIGH

Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit …

Dec 10, 2025
CVE-2024-58280
8.8 HIGH

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' …

Dec 10, 2025
CVE-2024-58279
8.8 HIGH

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers …

Dec 10, 2025
CVE-2023-53776
8.8 HIGH

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue …

Dec 10, 2025
CVE-2023-53775
6.5 MEDIUM

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse …

Dec 10, 2025
CVE-2025-67461
5.0 MEDIUM

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of …

Dec 10, 2025
CVE-2025-67460
7.8 HIGH

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via …

Dec 10, 2025
CVE-2025-65950
8.8 HIGH

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify …

Dec 10, 2025
CVE-2025-65832
4.6 MEDIUM

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated …

Dec 10, 2025
CVE-2025-65831
7.5 HIGH

The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, …

Dec 10, 2025
CVE-2025-65830
9.1 CRITICAL

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt …

Dec 10, 2025
CVE-2025-65829
6.8 MEDIUM

The ESP32 system on a chip (SoC) that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that …

Dec 10, 2025
CVE-2025-65828
6.5 MEDIUM

An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy (BLE) to these devices which would result in …

Dec 10, 2025
CVE-2025-65827
9.1 CRITICAL

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an …

Dec 10, 2025
CVE-2025-65826
9.8 CRITICAL

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical …

Dec 10, 2025
CVE-2025-65825
4.6 MEDIUM

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect …

Dec 10, 2025
CVE-2025-65824
8.8 HIGH

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting …

Dec 10, 2025
CVE-2025-65823
9.8 CRITICAL

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an …

Dec 10, 2025
CVE-2025-65822
6.8 MEDIUM

The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 …

Dec 10, 2025
CVE-2025-65821
7.5 HIGH

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device …

Dec 10, 2025
CVE-2025-65820
9.8 CRITICAL

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. …

Dec 10, 2025
CVE-2025-65512
7.5 HIGH

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass …

Dec 10, 2025
CVE-2025-62181
5.3 MEDIUM

Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response …

Dec 10, 2025
CVE-2025-24857
7.6 HIGH

Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, …

Dec 10, 2025
CVE-2023-53741
8.1 HIGH

Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can …

Dec 10, 2025
CVE-2023-53740
9.8 CRITICAL

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit …

Dec 10, 2025
CVE-2020-36902
9.8 CRITICAL

UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send …

Dec 10, 2025
CVE-2020-36901
8.8 HIGH

UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can …

Dec 10, 2025
CVE-2020-36900
8.8 HIGH

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft …

Dec 10, 2025
CVE-2020-36899
7.5 HIGH

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' …

Dec 10, 2025
CVE-2020-36898
9.1 CRITICAL

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. …

Dec 10, 2025
CVE-2020-36897
9.8 CRITICAL

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. …

Dec 10, 2025
CVE-2020-36896
7.5 HIGH

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. …

Dec 10, 2025
CVE-2020-36895
7.5 HIGH

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. …

Dec 10, 2025
CVE-2020-36894
7.5 HIGH

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can …

Dec 10, 2025
CVE-2020-36893
7.5 HIGH

Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers …

Dec 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.