CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-55109
9.0 CRITICAL

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb …

Sep 16, 2025
CVE-2025-7744
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection.This issue affects Omaspot: before 12.09.2025.

Sep 16, 2025
CVE-2025-7743
9.6 CRITICAL

Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.This issue affects Omaspot: before 12.09.2025.

Sep 16, 2025
CVE-2025-4688
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection.This issue affects …

Sep 16, 2025
CVE-2025-43362
9.8 CRITICAL

The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may …

Sep 15, 2025
CVE-2025-43359
9.8 CRITICAL

A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS …

Sep 15, 2025
CVE-2025-43347
9.8 CRITICAL

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS …

Sep 15, 2025
CVE-2025-43343
9.8 CRITICAL

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, …

Sep 15, 2025
CVE-2025-43342
9.8 CRITICAL

A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, …

Sep 15, 2025
CVE-2025-31255
9.8 CRITICAL

An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, …

Sep 15, 2025
CVE-2025-57118
9.8 CRITICAL

An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php

Sep 15, 2025
CVE-2025-58748
9.8 CRITICAL

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify …

Sep 15, 2025
CVE-2025-57174
9.8 CRITICAL

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening …

Sep 15, 2025
CVE-2025-58046
9.8 CRITICAL

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code …

Sep 15, 2025
CVE-2025-58045
9.8 CRITICAL

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote …

Sep 15, 2025
CVE-2025-52053
9.8 CRITICAL

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to …

Sep 15, 2025
CVE-2025-46408
9.8 CRITICAL

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.

Sep 15, 2025
CVE-2025-59361
9.8 CRITICAL

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote …

Sep 15, 2025
CVE-2025-59360
9.8 CRITICAL

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote …

Sep 15, 2025
CVE-2025-59359
9.8 CRITICAL

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote …

Sep 15, 2025
CVE-2025-10432
9.8 CRITICAL

A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing …

Sep 15, 2025
CVE-2025-10452
9.8 CRITICAL

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges.

Sep 15, 2025
CVE-2025-10392
9.8 CRITICAL

A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of …

Sep 14, 2025
CVE-2025-45583
9.1 CRITICAL

Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination …

Sep 12, 2025
CVE-2025-58434
9.8 CRITICAL

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in …

Sep 12, 2025
CVE-2024-45434
9.8 CRITICAL

OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack …

Sep 12, 2025
CVE-2025-55835
9.8 CRITICAL

File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering.

Sep 12, 2025
CVE-2025-9556
9.8 CRITICAL

Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends …

Sep 12, 2025
CVE-2025-8699
9.1 CRITICAL

Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards …

Sep 12, 2025
CVE-2025-10266
9.8 CRITICAL

NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete …

Sep 12, 2025
CVE-2025-10264
10.0 CRITICAL

Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and …

Sep 12, 2025
CVE-2025-10127
9.8 CRITICAL

Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An …

Sep 11, 2025
CVE-2025-59053
9.6 CRITICAL

AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the `packages/stage-ui/src/components/MarkdownRenderer.vue` path, the Markdown content is processed using the useMarkdown composable, and …

Sep 11, 2025
CVE-2025-58143
9.8 CRITICAL

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling …

Sep 11, 2025
CVE-2025-58142
9.8 CRITICAL

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling …

Sep 11, 2025
CVE-2025-27466
9.8 CRITICAL

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling …

Sep 11, 2025
CVE-2025-40692
9.8 CRITICAL

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'requestid' parameter …

Sep 11, 2025
CVE-2025-40691
9.8 CRITICAL

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'todate' parameter …

Sep 11, 2025
CVE-2025-40690
9.8 CRITICAL

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter …

Sep 11, 2025
CVE-2025-40689
9.8 CRITICAL

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' …

Sep 11, 2025
CVE-2025-40687
9.8 CRITICAL

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' …

Sep 11, 2025
CVE-2025-58321
10.0 CRITICAL

Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.

Sep 11, 2025
CVE-2025-8570
9.8 CRITICAL

The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions …

Sep 11, 2025
CVE-2025-54123
9.8 CRITICAL

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at …

Sep 10, 2025
CVE-2025-59041
9.8 CRITICAL

Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.email`. Prior to version 1.0.105, a …

Sep 10, 2025
CVE-2025-58764
9.8 CRITICAL

Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the …

Sep 10, 2025
CVE-2025-10226
9.8 CRITICAL

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote …

Sep 10, 2025
CVE-2025-10220
9.8 CRITICAL

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote …

Sep 10, 2025
CVE-2025-9943
9.1 CRITICAL

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) …

Sep 10, 2025
CVE-2025-59046
9.8 CRITICAL

The npm package `interactive-git-checkout` is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on …

Sep 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.