CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-67607

Rejected reason: Not used

Dec 10, 2025
CVE-2025-67606

Rejected reason: Not used

Dec 10, 2025
CVE-2025-67605

Rejected reason: Not used

Dec 10, 2025
CVE-2025-13677
4.9 MEDIUM

The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient …

Dec 10, 2025
CVE-2025-13613
9.8 CRITICAL

The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin …

Dec 10, 2025
CVE-2025-67507
8.1 HIGH

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for …

Dec 10, 2025
CVE-2025-67506
9.8 CRITICAL

PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The …

Dec 10, 2025
CVE-2025-67485
5.3 MEDIUM

mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers …

Dec 10, 2025
CVE-2025-67503

Rejected reason: This CVE is a duplicate of another CVE.

Dec 10, 2025
CVE-2025-67502
5.4 MEDIUM

Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites …

Dec 10, 2025
CVE-2025-67501
8.8 HIGH

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability …

Dec 10, 2025
CVE-2025-67500
3.7 LOW

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have …

Dec 10, 2025
CVE-2025-67499
6.6 MEDIUM

The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all …

Dec 10, 2025
CVE-2025-64898
4.3 MEDIUM

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker …

Dec 10, 2025
CVE-2025-64897
5.6 MEDIUM

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass …

Dec 10, 2025
CVE-2025-61823
6.2 MEDIUM

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary …

Dec 10, 2025
CVE-2025-61822
6.2 MEDIUM

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker …

Dec 10, 2025
CVE-2025-61821
6.8 MEDIUM

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary …

Dec 10, 2025
CVE-2025-61813
8.2 HIGH

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary …

Dec 10, 2025
CVE-2025-61812
8.4 HIGH

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary …

Dec 10, 2025
CVE-2025-61811
9.1 CRITICAL

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context …

Dec 10, 2025
CVE-2025-61810
8.4 HIGH

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the …

Dec 10, 2025
CVE-2025-61809
9.1 CRITICAL

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker …

Dec 10, 2025
CVE-2025-61808
9.1 CRITICAL

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code …

Dec 10, 2025
CVE-2025-67498

Rejected reason: Further research determined the issue is not a vulnerability.

Dec 9, 2025
CVE-2025-67497

Rejected reason: Further research determined the issue is not a vulnerability.

Dec 9, 2025
CVE-2025-67496
4.3 MEDIUM

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting …

Dec 9, 2025
CVE-2025-67495
8.0 HIGH

ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint …

Dec 9, 2025
CVE-2025-13760

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Dec 9, 2025
CVE-2025-67494
9.3 CRITICAL

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats …

Dec 9, 2025
CVE-2025-66645
7.5 HIGH

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to …

Dec 9, 2025
CVE-2025-66039
9.8 CRITICAL

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set …

Dec 9, 2025
CVE-2025-65513
7.5 HIGH

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.

Dec 9, 2025
CVE-2025-36437
4.3 MEDIUM

IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system.

Dec 9, 2025
CVE-2025-34425
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the WindowContext parameter of /Mondo/lang/sys/Forms/MAI/compose.aspx. The WindowContext value is not properly sanitized …

Dec 9, 2025
CVE-2025-67489
9.8 CRITICAL

@vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through …

Dec 9, 2025
CVE-2025-67488
7.8 HIGH

SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user …

Dec 9, 2025
CVE-2025-66626
8.1 HIGH

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain …

Dec 9, 2025
CVE-2025-64899
7.8 HIGH

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result …

Dec 9, 2025
CVE-2025-64896
5.5 MEDIUM

Creative Cloud Desktop versions 6.4.0.361 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could lead to …

Dec 9, 2025
CVE-2025-64787
3.3 LOW

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a …

Dec 9, 2025
CVE-2025-64786
3.3 LOW

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a …

Dec 9, 2025
CVE-2025-64785
7.8 HIGH

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary …

Dec 9, 2025
CVE-2025-13743
7.5 HIGH

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking …

Dec 9, 2025
CVE-2023-53774
9.8 CRITICAL

MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can …

Dec 9, 2025
CVE-2023-53773
5.3 MEDIUM

MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers …

Dec 9, 2025
CVE-2023-53772
7.5 HIGH

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the …

Dec 9, 2025
CVE-2023-53771
9.8 CRITICAL

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to …

Dec 9, 2025
CVE-2023-53770
7.5 HIGH

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can …

Dec 9, 2025
CVE-2023-53739

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can …

Dec 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.