CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-23191
3.1 LOW

Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an …

Feb 11, 2025
CVE-2025-1159
3.5 LOW

A vulnerability was found in CampCodes School Management Software 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of …

Feb 10, 2025
CVE-2025-1153
3.1 LOW

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation …

Feb 10, 2025
CVE-2025-1152
3.1 LOW

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. …

Feb 10, 2025
CVE-2025-1151
3.1 LOW

A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of …

Feb 10, 2025
CVE-2025-1150
3.1 LOW

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of …

Feb 10, 2025
CVE-2025-24892
3.5 LOW

OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the …

Feb 10, 2025
CVE-2025-1149
3.1 LOW

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the …

Feb 10, 2025
CVE-2025-1148
3.1 LOW

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of …

Feb 10, 2025
CVE-2025-1147
3.1 LOW

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c …

Feb 10, 2025
CVE-2025-1115
3.3 LOW

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_device_close/sys_device_control/sys_device_find/sys_device_init/sys_device_open/sys_device_read/sys_device_register/sys_device_write/sys_event_delete/sys_event_recv/sys_event_send/sys_mb_delete/sys_mb_recv/sys_mb_send/sys_mb_send_wait/sys_mq_recv/sys_mq_send/sys_mq_urgent/sys_mutex_delete/sys_mutex_release/sys_mutex_take/sys_rt_timer_control/sys_rt_timer_delete/sys_rt_timer_start/sys_rt_timer_stop/sys_sem_delete/sys_sem_release/sys_sem_take/sys_shmat/sys_shmdt/sys_thread_create/sys_thread_delete/sys_thread_startup/sys_timer_delete/sys_timer_gettime/sys_timer_settime of the file rt-thread/components/lwp/lwp_syscall.c. The …

Feb 8, 2025
CVE-2025-1114
3.5 LOW

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category …

Feb 7, 2025
CVE-2024-55630
3.3 LOW

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer …

Feb 7, 2025
CVE-2025-25183
2.6 LOW

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which …

Feb 7, 2025
CVE-2025-22402
2.6 LOW

Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low …

Feb 7, 2025
CVE-2025-1083
3.1 LOW

A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. …

Feb 6, 2025
CVE-2025-1082
3.5 LOW

A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component …

Feb 6, 2025
CVE-2025-1081
3.1 LOW

A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of …

Feb 6, 2025
CVE-2024-56467
3.3 LOW

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used …

Feb 6, 2025
CVE-2024-57956
2.8 LOW

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability.

Feb 6, 2025
CVE-2025-23415
3.1 LOW

An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks …

Feb 5, 2025
CVE-2025-20185
3.4 LOW

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, …

Feb 5, 2025
CVE-2024-9097
3.5 LOW

ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.

Feb 5, 2025
CVE-2024-5528
3.5 LOW

An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to …

Feb 5, 2025
CVE-2025-0167
3.4 LOW

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to …

Feb 5, 2025
CVE-2025-22601
3.1 LOW

Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own …

Feb 4, 2025
CVE-2024-56197
2.2 LOW

Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for …

Feb 4, 2025
CVE-2024-45658
2.7 LOW

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message …

Feb 4, 2025
CVE-2025-20895
3.2 LOW

Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.

Feb 4, 2025
CVE-2025-22475
3.7 LOW

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote …

Feb 4, 2025
CVE-2025-0148
2.6 LOW

Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via …

Feb 3, 2025
CVE-2025-20643
3.9 LOW

In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an …

Feb 3, 2025
CVE-2025-0972
3.5 LOW

A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. …

Feb 3, 2025
CVE-2025-0971
3.5 LOW

A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of …

Feb 3, 2025
CVE-2025-0961
3.5 LOW

A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the …

Feb 1, 2025
CVE-2024-53296
2.7 LOW

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access …

Feb 1, 2025
CVE-2020-11936
3.1 LOW

gdbus setgid privilege escalation

Jan 31, 2025
CVE-2025-24336
3.3 LOW

SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed.

Jan 31, 2025
CVE-2023-6195
2.6 LOW

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting …

Jan 31, 2025
CVE-2025-0146
3.9 LOW

Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via …

Jan 30, 2025
CVE-2025-0144
3.1 LOW

Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.

Jan 30, 2025
CVE-2025-0871
3.5 LOW

A vulnerability classified as problematic has been found in Maybecms 1.2. This affects an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. …

Jan 30, 2025
CVE-2024-55416
3.5 LOW

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can …

Jan 30, 2025
CVE-2025-0800
2.4 LOW

A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component …

Jan 29, 2025
CVE-2025-0797
3.3 LOW

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file …

Jan 29, 2025
CVE-2025-0795
3.5 LOW

A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation …

Jan 29, 2025
CVE-2025-0794
3.5 LOW

A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The …

Jan 29, 2025
CVE-2025-0790
3.5 LOW

A vulnerability classified as problematic was found in ESAFENET CDG V5. This vulnerability affects unknown code of the file /doneDetail.jsp. The manipulation of the argument …

Jan 29, 2025
CVE-2025-0787
3.5 LOW

A vulnerability was found in ESAFENET CDG V5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file …

Jan 28, 2025
CVE-2025-0785
3.5 LOW

A vulnerability was found in ESAFENET CDG V5 and classified as problematic. This issue affects some unknown processing of the file /SysConfig.jsp. The manipulation of …

Jan 28, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.