CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-62454
7.8 HIGH

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62221
7.8 HIGH KEV

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-61258
7.5 HIGH

Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates …

Dec 9, 2025
CVE-2025-61078
6.1 MEDIUM

Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter …

Dec 9, 2025
CVE-2025-60024
8.8 HIGH

Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 …

Dec 9, 2025
CVE-2025-59923
2.7 LOW

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow …

Dec 9, 2025
CVE-2025-59810
6.5 MEDIUM

An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 …

Dec 9, 2025
CVE-2025-59808
6.8 MEDIUM

An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR …

Dec 9, 2025
CVE-2025-59719
9.8 CRITICAL

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to …

Dec 9, 2025
CVE-2025-59718
9.8 CRITICAL KEV

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, …

Dec 9, 2025
CVE-2025-59517
7.8 HIGH

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-59516
7.8 HIGH

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-57823
2.7 LOW

A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may …

Dec 9, 2025
CVE-2025-55233
7.8 HIGH

Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-54838
6.8 MEDIUM

An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests.

Dec 9, 2025
CVE-2025-54353
5.4 MEDIUM

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox …

Dec 9, 2025
CVE-2025-54100
7.8 HIGH

Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-53949
7.2 HIGH

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 …

Dec 9, 2025
CVE-2025-53679
7.2 HIGH

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 …

Dec 9, 2025
CVE-2025-46637
7.3 HIGH

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this …

Dec 9, 2025
CVE-2025-46636
6.6 MEDIUM

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could …

Dec 9, 2025
CVE-2025-34414

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure …

Dec 9, 2025
CVE-2025-34413

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, …

Dec 9, 2025
CVE-2025-34409
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized …

Dec 9, 2025
CVE-2025-34408
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized …

Dec 9, 2025
CVE-2025-34407
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when …

Dec 9, 2025
CVE-2025-34406
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized …

Dec 9, 2025
CVE-2025-34404
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized …

Dec 9, 2025
CVE-2025-34403
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized …

Dec 9, 2025
CVE-2025-34402
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized …

Dec 9, 2025
CVE-2025-34401
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized …

Dec 9, 2025
CVE-2025-34400
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized …

Dec 9, 2025
CVE-2025-34399
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized …

Dec 9, 2025
CVE-2025-34398
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized …

Dec 9, 2025
CVE-2025-34397
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized …

Dec 9, 2025
CVE-2025-34396
7.3 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 9, 2025
CVE-2025-33214
8.8 HIGH

NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability …

Dec 9, 2025
CVE-2025-33213
8.8 HIGH

NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this …

Dec 9, 2025
CVE-2025-13924
4.3 MEDIUM

The Advanced Product Fields (Product Addons) for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. …

Dec 9, 2025
CVE-2024-47570
6.6 MEDIUM

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, …

Dec 9, 2025
CVE-2025-65289
6.1 MEDIUM

A stored Cross site scripting (XSS) vulnerability in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) router allows a remote attacker on the LAN …

Dec 9, 2025
CVE-2025-65288
6.5 MEDIUM

A buffer overflow in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) occurs when the device accepts and stores excessively long hostnames from LAN …

Dec 9, 2025
CVE-2025-63742
9.8 CRITICAL

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database …

Dec 9, 2025
CVE-2025-63740
4.3 MEDIUM

SQL Injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database …

Dec 9, 2025
CVE-2025-63739
4.3 MEDIUM

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files …

Dec 9, 2025
CVE-2025-63738
4.3 MEDIUM

An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to …

Dec 9, 2025
CVE-2025-63737
6.1 MEDIUM

Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML …

Dec 9, 2025
CVE-2025-56704
8.8 HIGH

LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can …

Dec 9, 2025
CVE-2025-12946
7.5 HIGH

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using …

Dec 9, 2025
CVE-2025-12945
7.2 HIGH

A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through …

Dec 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.