CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-47259
3.5 LOW

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for …

Mar 4, 2025
CVE-2025-1905
3.5 LOW

A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The …

Mar 4, 2025
CVE-2025-1904
3.5 LOW

A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of …

Mar 4, 2025
CVE-2025-24309
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only …

Mar 4, 2025
CVE-2025-24301
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …

Mar 4, 2025
CVE-2025-23420
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only …

Mar 4, 2025
CVE-2025-23418
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Mar 4, 2025
CVE-2025-23414
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …

Mar 4, 2025
CVE-2025-23409
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …

Mar 4, 2025
CVE-2025-23240
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only …

Mar 4, 2025
CVE-2025-23234
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.

Mar 4, 2025
CVE-2025-22897
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.

Mar 4, 2025
CVE-2025-22847
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Mar 4, 2025
CVE-2025-22841
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Mar 4, 2025
CVE-2025-22837
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.

Mar 4, 2025
CVE-2025-22835
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only …

Mar 4, 2025
CVE-2025-22443
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Mar 4, 2025
CVE-2025-21097
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.

Mar 4, 2025
CVE-2025-21089
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Mar 4, 2025
CVE-2025-21084
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be …

Mar 4, 2025
CVE-2025-20626
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …

Mar 4, 2025
CVE-2025-20091
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …

Mar 4, 2025
CVE-2025-20081
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited …

Mar 4, 2025
CVE-2025-20024
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only …

Mar 4, 2025
CVE-2025-20021
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Mar 4, 2025
CVE-2025-20011
3.3 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

Mar 4, 2025
CVE-2025-0587
3.8 LOW

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only …

Mar 4, 2025
CVE-2025-1892
2.4 LOW

A vulnerability was found in shishuocms 1.1. It has been classified as problematic. Affected is an unknown function of the file /manage/folder/add.json of the component …

Mar 4, 2025
CVE-2025-27221
3.2 LOW

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is …

Mar 4, 2025
CVE-2025-1880
2.0 LOW

A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the …

Mar 3, 2025
CVE-2025-1879
2.4 LOW

A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component …

Mar 3, 2025
CVE-2025-1878
3.1 LOW

A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component …

Mar 3, 2025
CVE-2025-24023
3.7 LOW

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server …

Mar 3, 2025
CVE-2025-1830
2.4 LOW

A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component …

Mar 2, 2025
CVE-2025-0895
2.4 LOW

IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log …

Mar 2, 2025
CVE-2024-55907
2.0 LOW

IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, …

Mar 2, 2025
CVE-2025-1817
2.4 LOW

A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin …

Mar 2, 2025
CVE-2025-1807
3.5 LOW

A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component …

Mar 2, 2025
CVE-2025-27400
2.9 LOW

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of …

Feb 28, 2025
CVE-2025-0914
3.8 LOW

An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments …

Feb 27, 2025
CVE-2025-0759
3.3 LOW

IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization.

Feb 27, 2025
CVE-2024-56812
3.3 LOW

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …

Feb 27, 2025
CVE-2024-56811
3.3 LOW

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …

Feb 27, 2025
CVE-2024-56810
3.3 LOW

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …

Feb 27, 2025
CVE-2024-56496
3.3 LOW

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …

Feb 27, 2025
CVE-2024-56495
3.3 LOW

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …

Feb 27, 2025
CVE-2024-56494
3.3 LOW

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …

Feb 27, 2025
CVE-2024-56493
3.3 LOW

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …

Feb 27, 2025
CVE-2025-1693
3.9 LOW

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into …

Feb 27, 2025
CVE-2025-26698
2.7 LOW

Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using …

Feb 26, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.