CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-12422
9.8 CRITICAL

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 28, 2025
CVE-2025-36386
9.8 CRITICAL

IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to …

Oct 28, 2025
CVE-2025-61128
9.1 CRITICAL

Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value …

Oct 28, 2025
CVE-2025-61043
9.1 CRITICAL

An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length …

Oct 28, 2025
CVE-2025-12380
9.8 CRITICAL

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC …

Oct 28, 2025
CVE-2025-61385
9.6 CRITICAL

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal.

Oct 27, 2025
CVE-2025-55754
9.6 CRITICAL

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was …

Oct 27, 2025
CVE-2025-12364
9.8 CRITICAL

Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 27, 2025
CVE-2025-27224
9.8 CRITICAL

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path …

Oct 27, 2025
CVE-2025-61481
10.0 CRITICAL

An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute …

Oct 27, 2025
CVE-2025-60291
9.1 CRITICAL

An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific routes and …

Oct 27, 2025
CVE-2025-62959
9.1 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion.This issue affects Paid Videochat Turnkey …

Oct 27, 2025
CVE-2025-12285
9.8 CRITICAL

Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 26, 2025
CVE-2025-12275
9.8 CRITICAL

Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 26, 2025
CVE-2025-12220
9.8 CRITICAL

Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 25, 2025
CVE-2025-12219
9.8 CRITICAL

Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 25, 2025
CVE-2025-12218
9.1 CRITICAL

Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 25, 2025
CVE-2025-12217
9.1 CRITICAL

SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 25, 2025
CVE-2025-62717
9.1 CRITICAL

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing …

Oct 24, 2025
CVE-2025-60803
9.8 CRITICAL

Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.

Oct 24, 2025
CVE-2025-60554
9.8 CRITICAL

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.

Oct 24, 2025
CVE-2025-60553
9.8 CRITICAL

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.

Oct 24, 2025
CVE-2025-60548
9.8 CRITICAL

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.

Oct 24, 2025
CVE-2025-12176
9.8 CRITICAL

Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 24, 2025
CVE-2025-43995
9.8 CRITICAL

Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, …

Oct 24, 2025
CVE-2025-11253
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection.This issue affects Netty …

Oct 24, 2025
CVE-2025-6440
9.8 CRITICAL

The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads …

Oct 24, 2025
CVE-2025-61934
10.0 CRITICAL

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact …

Oct 23, 2025
CVE-2025-59503
10.0 CRITICAL

Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.

Oct 23, 2025
CVE-2025-58428
9.9 CRITICAL

The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials …

Oct 23, 2025
CVE-2025-11023
9.8 CRITICAL

Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software …

Oct 23, 2025
CVE-2025-47699
9.9 CRITICAL

Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions …

Oct 23, 2025
CVE-2025-12104
9.8 CRITICAL

Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 23, 2025
CVE-2025-62025
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through < 3.0.8.

Oct 22, 2025
CVE-2025-62023
9.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905.

Oct 22, 2025
CVE-2025-60238
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 9.04.02.

Oct 22, 2025
CVE-2025-60232
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5.

Oct 22, 2025
CVE-2025-60226
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in axiomthemes White Rabbit whiterabbit allows Object Injection.This issue affects White Rabbit: from n/a through <= 1.5.2.

Oct 22, 2025
CVE-2025-60225
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0.

Oct 22, 2025
CVE-2025-60224
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through <= 2.0.9.

Oct 22, 2025
CVE-2025-60221
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through <= 3.0.3.

Oct 22, 2025
CVE-2025-60220
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 3.0.0.

Oct 22, 2025
CVE-2025-60216
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through < 1.4.8.

Oct 22, 2025
CVE-2025-60214
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through < 1.3.0.

Oct 22, 2025
CVE-2025-60213
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape scape allows Object Injection.This issue affects Scape: from n/a through <= 1.5.13.

Oct 22, 2025
CVE-2025-60210
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a …

Oct 22, 2025
CVE-2025-60209
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms …

Oct 22, 2025
CVE-2025-60206
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through <= 7.8.3.

Oct 22, 2025
CVE-2025-60039
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through <= 2.6.0.

Oct 22, 2025
CVE-2025-59557
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: …

Oct 22, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.