CVE Database

111589+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-48575
7.8 HIGH

In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of …

Dec 8, 2025
CVE-2025-48573
7.8 HIGH

In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use …

Dec 8, 2025
CVE-2025-48572
7.8 HIGH KEV

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation …

Dec 8, 2025
CVE-2025-48566
7.8 HIGH

In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to …

Dec 8, 2025
CVE-2025-48565
7.8 HIGH

In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could …

Dec 8, 2025
CVE-2025-48564
7.0 HIGH

In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no …

Dec 8, 2025
CVE-2025-48555
7.8 HIGH

In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege …

Dec 8, 2025
CVE-2025-48536
7.8 HIGH

In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could …

Dec 8, 2025
CVE-2025-48525
7.8 HIGH

In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to …

Dec 8, 2025
CVE-2025-32329
7.8 HIGH

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic …

Dec 8, 2025
CVE-2025-32328
7.8 HIGH

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic …

Dec 8, 2025
CVE-2025-32319
6.7 MEDIUM

In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead …

Dec 8, 2025
CVE-2025-22432
6.7 MEDIUM

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background …

Dec 8, 2025
CVE-2025-22420
7.8 HIGH

In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local …

Dec 8, 2025
CVE-2025-14257
7.3 HIGH

A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /newrecord.php. Executing manipulation of the argument …

Dec 8, 2025
CVE-2025-14256
7.3 HIGH

A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID …

Dec 8, 2025
CVE-2025-65798
5.4 MEDIUM

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.

Dec 8, 2025
CVE-2025-65796
4.3 MEDIUM

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

Dec 8, 2025
CVE-2025-61318
9.1 CRITICAL

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path …

Dec 8, 2025
CVE-2025-14271

Rejected reason: This CVE ID has been withdrawn by its CVE Numbering Authority.

Dec 8, 2025
CVE-2025-14251
7.3 HIGH

A security vulnerability has been detected in code-projects Online Ordering System 1.0. This affects an unknown function of the file /admin/ of the component Admin …

Dec 8, 2025
CVE-2025-14250
7.3 HIGH

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /user_contact.php. This manipulation of …

Dec 8, 2025
CVE-2025-60912
3.3 LOW

phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers …

Dec 8, 2025
CVE-2025-14249
7.3 HIGH

A security flaw has been discovered in code-projects Online Ordering System 1.0. The affected element is an unknown function of the file /user_school.php. The manipulation …

Dec 8, 2025
CVE-2025-14248
7.3 HIGH

A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username …

Dec 8, 2025
CVE-2025-14247
6.3 MEDIUM

A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument …

Dec 8, 2025
CVE-2025-14246
6.3 MEDIUM

A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument user_id …

Dec 8, 2025
CVE-2025-42620

In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the …

Dec 8, 2025
CVE-2025-42616

Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP …

Dec 8, 2025
CVE-2025-14245
7.3 HIGH

A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params …

Dec 8, 2025
CVE-2025-42615

In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or …

Dec 8, 2025
CVE-2025-14244
2.4 LOW

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management …

Dec 8, 2025
CVE-2025-14230
6.3 MEDIUM

A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/add_payroll.php. Performing manipulation of …

Dec 8, 2025
CVE-2025-14229
4.7 MEDIUM

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. …

Dec 8, 2025
CVE-2025-14228
3.5 LOW

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross …

Dec 8, 2025
CVE-2025-66461
6.7 MEDIUM

FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM …

Dec 8, 2025
CVE-2025-27020
9.8 CRITICAL

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This …

Dec 8, 2025
CVE-2025-27019
9.8 CRITICAL

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse …

Dec 8, 2025
CVE-2025-14262
4.3 MEDIUM

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were …

Dec 8, 2025
CVE-2025-14227
6.3 MEDIUM

A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results …

Dec 8, 2025
CVE-2025-14226
7.3 HIGH

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname …

Dec 8, 2025
CVE-2025-14225
6.3 MEDIUM

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the …

Dec 8, 2025
CVE-2025-66334
3.3 LOW

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Dec 8, 2025
CVE-2025-66333
3.3 LOW

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Dec 8, 2025
CVE-2025-66332
3.3 LOW

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Dec 8, 2025
CVE-2025-66331
3.3 LOW

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Dec 8, 2025
CVE-2025-66330
4.9 MEDIUM

App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Dec 8, 2025
CVE-2025-66329
4.0 MEDIUM

Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.

Dec 8, 2025
CVE-2025-66328
8.4 HIGH

Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.

Dec 8, 2025
CVE-2025-66327
7.1 HIGH

Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Dec 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.