CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-8900
9.8 CRITICAL

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing …

Nov 3, 2025
CVE-2025-0987
9.9 CRITICAL

Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.This issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor …

Nov 3, 2025
CVE-2025-12603
9.8 CRITICAL

/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Nov 1, 2025
CVE-2025-12602
9.8 CRITICAL

/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Nov 1, 2025
CVE-2025-12600
9.8 CRITICAL

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Nov 1, 2025
CVE-2025-12599
9.8 CRITICAL

Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Nov 1, 2025
CVE-2025-11499
9.8 CRITICAL

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing …

Nov 1, 2025
CVE-2025-11833
9.8 CRITICAL

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data …

Nov 1, 2025
CVE-2025-29270
10.0 CRITICAL

Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel …

Oct 31, 2025
CVE-2025-12554
9.8 CRITICAL

Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 31, 2025
CVE-2025-12553
9.8 CRITICAL

Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 31, 2025
CVE-2025-12552
9.8 CRITICAL

Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 31, 2025
CVE-2025-57108
9.8 CRITICAL

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are …

Oct 31, 2025
CVE-2025-6520
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Abis Technology BAPSIS allows Blind SQL Injection.This issue affects BAPSIS: before …

Oct 31, 2025
CVE-2025-8489
9.8 CRITICAL

The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 …

Oct 31, 2025
CVE-2025-5397
9.8 CRITICAL

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() …

Oct 31, 2025
CVE-2025-52665
10.0 CRITICAL

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API …

Oct 31, 2025
CVE-2025-48983
9.9 CRITICAL

A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an …

Oct 31, 2025
CVE-2025-34277
9.8 CRITICAL

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to …

Oct 30, 2025
CVE-2025-34274
9.8 CRITICAL

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. …

Oct 30, 2025
CVE-2025-34271
9.8 CRITICAL

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted …

Oct 30, 2025
CVE-2024-14003
9.8 CRITICAL

Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient validation of …

Oct 30, 2025
CVE-2024-13999
9.8 CRITICAL

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of …

Oct 30, 2025
CVE-2024-13996
9.8 CRITICAL

Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, …

Oct 30, 2025
CVE-2024-13994
9.8 CRITICAL

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can …

Oct 30, 2025
CVE-2012-10063
9.8 CRITICAL

Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries …

Oct 30, 2025
CVE-2025-62712
9.6 CRITICAL

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, …

Oct 30, 2025
CVE-2025-12516
9.8 CRITICAL

Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Oct 30, 2025
CVE-2025-12515
9.8 CRITICAL

Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Oct 30, 2025
CVE-2025-43027
9.8 CRITICAL

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the …

Oct 30, 2025
CVE-2025-50739
9.8 CRITICAL

iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization.

Oct 30, 2025
CVE-2025-54469
9.9 CRITICAL

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without …

Oct 30, 2025
CVE-2025-11202
9.8 CRITICAL

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not …

Oct 29, 2025
CVE-2025-11201
9.8 CRITICAL

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow …

Oct 29, 2025
CVE-2025-11200
9.8 CRITICAL

MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to …

Oct 29, 2025
CVE-2025-64103
9.8 CRITICAL

Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a …

Oct 29, 2025
CVE-2025-64102
9.8 CRITICAL

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. …

Oct 29, 2025
CVE-2018-25120
9.8 CRITICAL

D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance …

Oct 29, 2025
CVE-2025-12478
9.8 CRITICAL

Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Oct 29, 2025
CVE-2025-12477
9.8 CRITICAL

Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Oct 29, 2025
CVE-2025-12476
9.8 CRITICAL

Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Oct 29, 2025
CVE-2025-63622
9.8 CRITICAL

A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument …

Oct 29, 2025
CVE-2024-45162
9.8 CRITICAL

A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field.

Oct 29, 2025
CVE-2025-4665
9.6 CRITICAL

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP …

Oct 29, 2025
CVE-2025-64095
10.0 CRITICAL

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated …

Oct 28, 2025
CVE-2025-62368
9.0 CRITICAL

Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to …

Oct 28, 2025
CVE-2025-43017
9.8 CRITICAL

HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential …

Oct 28, 2025
CVE-2025-61235
9.1 CRITICAL

An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or …

Oct 28, 2025
CVE-2025-12424
9.8 CRITICAL

Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Oct 28, 2025
CVE-2025-60355
9.8 CRITICAL

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

Oct 28, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.