CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2021-47731
9.8 CRITICAL

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden …

Dec 9, 2025
CVE-2021-47730
8.8 HIGH

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious …

Dec 9, 2025
CVE-2021-47729
5.4 MEDIUM

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. …

Dec 9, 2025
CVE-2021-47728
9.8 CRITICAL

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit …

Dec 9, 2025
CVE-2021-47727
5.3 MEDIUM

Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to …

Dec 9, 2025
CVE-2021-47724
6.5 MEDIUM

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download …

Dec 9, 2025
CVE-2021-47723
8.8 HIGH

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can …

Dec 9, 2025
CVE-2021-47719

COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple …

Dec 9, 2025
CVE-2021-47718
7.5 HIGH

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like …

Dec 9, 2025
CVE-2021-47717

IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can …

Dec 9, 2025
CVE-2021-47710

COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp …

Dec 9, 2025
CVE-2021-47709

COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by …

Dec 9, 2025
CVE-2021-47708

COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter …

Dec 9, 2025
CVE-2021-47707

COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a …

Dec 9, 2025
CVE-2021-47706

COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart …

Dec 9, 2025
CVE-2021-47705

COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays …

Dec 9, 2025
CVE-2021-47704
6.5 MEDIUM

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests …

Dec 9, 2025
CVE-2021-47703
7.2 HIGH

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the …

Dec 9, 2025
CVE-2021-47702
4.3 MEDIUM

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests …

Dec 9, 2025
CVE-2021-47701
8.8 HIGH

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the …

Dec 9, 2025
CVE-2025-66625
4.9 MEDIUM

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an …

Dec 9, 2025
CVE-2025-66457
8.8 HIGH

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution …

Dec 9, 2025
CVE-2025-66456
9.8 CRITICAL

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in …

Dec 9, 2025
CVE-2025-66214
7.0 HIGH

Ladybug adds message-based debugging, unit, system, and regression testing to Java applications. Versions prior to 3.0-20251107.114628 contain the APIs /iaf/ladybug/api/report/{storage} and /iaf/ladybug/api/report/upload, which allow uploading …

Dec 9, 2025
CVE-2025-65741
9.8 CRITICAL

Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution …

Dec 9, 2025
CVE-2025-64113
9.8 CRITICAL

Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby …

Dec 9, 2025
CVE-2025-14337
7.3 HIGH

A vulnerability was determined in itsourcecode Student Management System 1.0. This affects an unknown part of the file /new_grade.php. This manipulation of the argument grade …

Dec 9, 2025
CVE-2025-9614
6.5 MEDIUM

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device …

Dec 9, 2025
CVE-2025-9613
6.5 MEDIUM

A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may …

Dec 9, 2025
CVE-2025-9612
5.1 MEDIUM

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and …

Dec 9, 2025
CVE-2025-65882
9.8 CRITICAL

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands.

Dec 9, 2025
CVE-2025-65573
8.8 HIGH

Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to cause a denial of service via function handle_interface_POST_and_status.

Dec 9, 2025
CVE-2025-65572
6.1 MEDIUM

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext …

Dec 9, 2025
CVE-2025-65300
5.4 MEDIUM

A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 (2025-10-28) in the Account Settings module, where unsanitized user input in Address …

Dec 9, 2025
CVE-2025-14336
7.3 HIGH

A vulnerability was found in itsourcecode Student Management System 1.0. Affected by this issue is some unknown functionality of the file /promote.php. The manipulation of …

Dec 9, 2025
CVE-2025-14335
7.3 HIGH

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /new_school_year.php. The manipulation …

Dec 9, 2025
CVE-2025-14334
7.3 HIGH

A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /new_adviser.php. Executing manipulation of the argument …

Dec 9, 2025
CVE-2025-11531
8.8 HIGH

HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with …

Dec 9, 2025
CVE-2025-65594
8.1 HIGH

OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating …

Dec 9, 2025
CVE-2025-64894
5.5 MEDIUM

DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit …

Dec 9, 2025
CVE-2025-64893
7.1 HIGH

DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An …

Dec 9, 2025
CVE-2025-64784
7.1 HIGH

DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. …

Dec 9, 2025
CVE-2025-64783
7.8 HIGH

DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context …

Dec 9, 2025
CVE-2025-64680
7.8 HIGH

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-64679
7.8 HIGH

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-64678
8.8 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Dec 9, 2025
CVE-2025-64673
7.8 HIGH

Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-64672
8.8 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Dec 9, 2025
CVE-2025-64671
8.4 HIGH

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-64670
6.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.

Dec 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.