CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-65803
6.5 MEDIUM

An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted …

Dec 10, 2025
CVE-2025-34424
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34423
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34422
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34421
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34420
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34419
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34418
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34417
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34416
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34410
7.1 HIGH

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint …

Dec 10, 2025
CVE-2025-34395
7.5 HIGH

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can …

Dec 10, 2025
CVE-2025-34394
9.8 CRITICAL

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization …

Dec 10, 2025
CVE-2025-34393
9.8 CRITICAL

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, …

Dec 10, 2025
CVE-2025-34392
9.8 CRITICAL

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that …

Dec 10, 2025
CVE-2025-13155
7.8 HIGH

An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with elevated privileges.

Dec 10, 2025
CVE-2025-13152
7.8 HIGH

A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute …

Dec 10, 2025
CVE-2025-13125
4.3 MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Exploitation of Trusted Identifiers.This …

Dec 10, 2025
CVE-2025-12046
7.8 HIGH

A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code …

Dec 10, 2025
CVE-2025-8110
8.8 HIGH KEV

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Dec 10, 2025
CVE-2025-13127
3.5 LOW

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site …

Dec 10, 2025
CVE-2025-13184
9.8 CRITICAL

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions …

Dec 10, 2025
CVE-2024-2105
6.5 MEDIUM

An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.

Dec 10, 2025
CVE-2024-2104
8.8 HIGH

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile …

Dec 10, 2025
CVE-2025-41358

Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' …

Dec 10, 2025
CVE-2025-13953

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method. Authentication is performed through …

Dec 10, 2025
CVE-2025-41732
9.8 CRITICAL

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full …

Dec 10, 2025
CVE-2025-41730
9.8 CRITICAL

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full …

Dec 10, 2025
CVE-2025-7073
7.8 HIGH

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting …

Dec 10, 2025
CVE-2025-66675
8.2 HIGH

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, …

Dec 10, 2025
CVE-2025-14390
8.8 HIGH

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version <= 5.0.4. This is due to missing or incorrect nonce validation …

Dec 10, 2025
CVE-2025-9315

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker …

Dec 10, 2025
CVE-2025-66004
5.7 MEDIUM

A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.

Dec 10, 2025
CVE-2025-1161
7.1 HIGH

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.

Dec 10, 2025
CVE-2025-14087
5.6 MEDIUM

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or …

Dec 10, 2025
CVE-2025-14082
2.7 LOW

A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks …

Dec 10, 2025
CVE-2025-13955

Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II version 1.17478.146 allows attackers in Wi-Fi range to gain access to the dongle …

Dec 10, 2025
CVE-2025-13954

Hard-coded cryptographic keys in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin …

Dec 10, 2025
CVE-2025-12952

A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service …

Dec 10, 2025
CVE-2025-9571

A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can …

Dec 10, 2025
CVE-2025-13073
7.1 HIGH

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading …

Dec 10, 2025
CVE-2025-13072
7.1 HIGH

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading …

Dec 10, 2025
CVE-2025-13339
7.5 HIGH

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() …

Dec 10, 2025
CVE-2025-9056
5.3 MEDIUM

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation.

Dec 10, 2025
CVE-2025-67613

Rejected reason: Not used

Dec 10, 2025
CVE-2025-67612

Rejected reason: Not used

Dec 10, 2025
CVE-2025-67611

Rejected reason: Not used

Dec 10, 2025
CVE-2025-67610

Rejected reason: Not used

Dec 10, 2025
CVE-2025-67609

Rejected reason: Not used

Dec 10, 2025
CVE-2025-67608

Rejected reason: Not used

Dec 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.