CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-64565
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker …

Dec 10, 2025
CVE-2025-64564
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker …

Dec 10, 2025
CVE-2025-64563
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker …

Dec 10, 2025
CVE-2025-64562
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker …

Dec 10, 2025
CVE-2025-64560
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker …

Dec 10, 2025
CVE-2025-64559
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64558
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64557
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64556
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64555
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64554
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64553
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64551
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker …

Dec 10, 2025
CVE-2025-64550
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker …

Dec 10, 2025
CVE-2025-64549
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64548
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64547
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64546
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64545
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker …

Dec 10, 2025
CVE-2025-64544
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker …

Dec 10, 2025
CVE-2025-64543
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker …

Dec 10, 2025
CVE-2025-64541
5.4 MEDIUM

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker …

Dec 10, 2025
CVE-2025-64539
9.3 CRITICAL

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker …

Dec 10, 2025
CVE-2025-64538
9.3 CRITICAL

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker …

Dec 10, 2025
CVE-2025-64537
9.3 CRITICAL

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker …

Dec 10, 2025
CVE-2025-56431
7.5 HIGH

Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the file_get_contents() …

Dec 10, 2025
CVE-2025-56430
7.5 HIGH

Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the deleteDirectory …

Dec 10, 2025
CVE-2025-56429
6.1 MEDIUM

Cross Site Scripting vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to obtain sensitive information via the login.php component.

Dec 10, 2025
CVE-2025-34430
4.3 MEDIUM

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF …

Dec 10, 2025
CVE-2025-34429
7.1 HIGH

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such …

Dec 10, 2025
CVE-2025-34428
7.8 HIGH

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores …

Dec 10, 2025
CVE-2025-34427
7.8 HIGH

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores …

Dec 10, 2025
CVE-2025-65754
6.1 MEDIUM

Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename.

Dec 10, 2025
CVE-2025-63094
7.5 HIGH

XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel …

Dec 10, 2025
CVE-2025-5467
3.3 LOW

It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information …

Dec 10, 2025
CVE-2025-13607
9.4 CRITICAL

A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL.

Dec 10, 2025
CVE-2025-67643
4.3 MEDIUM

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to …

Dec 10, 2025
CVE-2025-67642
4.3 MEDIUM

Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and …

Dec 10, 2025
CVE-2025-67641
5.4 MEDIUM

Jenkins Coverage Plugin 2.3054.ve1ff7b_a_a_123b_ and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through …

Dec 10, 2025
CVE-2025-67640
5.0 MEDIUM

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a …

Dec 10, 2025
CVE-2025-67639
3.5 LOW

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the …

Dec 10, 2025
CVE-2025-67638
4.3 MEDIUM

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers …

Dec 10, 2025
CVE-2025-67637
4.3 MEDIUM

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be …

Dec 10, 2025
CVE-2025-67636
4.3 MEDIUM

A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views.

Dec 10, 2025
CVE-2025-67635
7.5 HIGH

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to …

Dec 10, 2025
CVE-2025-65815
6.5 MEDIUM

A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC, PPT v65.0 allows attackers to execute a directory …

Dec 10, 2025
CVE-2025-65814
6.5 MEDIUM

A lack of security checks in the file import process of RHOPHI Analytics LLP Office App-Edit Word v6.4.1 allows attackers to execute a directory traversal.

Dec 10, 2025
CVE-2025-65792
9.1 CRITICAL

DataGear v5.5.0 is vulnerable to Arbitrary File Deletion.

Dec 10, 2025
CVE-2025-52493
6.5 MEDIUM

PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the …

Dec 10, 2025
CVE-2025-65807
8.4 HIGH

An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command.

Dec 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.