CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-56214
9.8 CRITICAL

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.

Aug 25, 2025
CVE-2025-56212
9.8 CRITICAL

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.

Aug 25, 2025
CVE-2025-50900
9.8 CRITICAL

An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use …

Aug 25, 2025
CVE-2025-54494
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54493
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54492
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54491
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54490
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54489
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54488
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54487
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54486
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54485
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54484
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54483
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54482
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54481
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54480
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-54462
9.8 CRITICAL

A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex …

Aug 25, 2025
CVE-2025-53853
9.8 CRITICAL

A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE …

Aug 25, 2025
CVE-2025-53557
9.8 CRITICAL

A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-53518
9.8 CRITICAL

An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file …

Aug 25, 2025
CVE-2025-53511
9.8 CRITICAL

A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-52581
9.8 CRITICAL

An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file …

Aug 25, 2025
CVE-2025-48005
9.8 CRITICAL

A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 …

Aug 25, 2025
CVE-2025-45968
9.8 CRITICAL

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an …

Aug 25, 2025
CVE-2025-29515
9.8 CRITICAL

Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including …

Aug 25, 2025
CVE-2025-29514
9.8 CRITICAL

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web …

Aug 25, 2025
CVE-2025-36157
9.8 CRITICAL

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server …

Aug 24, 2025
CVE-2025-5821
9.8 CRITICAL

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the …

Aug 23, 2025
CVE-2025-5352
9.6 CRITICAL

A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly …

Aug 23, 2025
CVE-2025-7642
9.8 CRITICAL

The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying …

Aug 23, 2025
CVE-2025-43766
9.8 CRITICAL

The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 …

Aug 23, 2025
CVE-2025-4609
9.6 CRITICAL

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox …

Aug 22, 2025
CVE-2025-26496
9.3 CRITICAL

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This …

Aug 22, 2025
CVE-2025-57801
9.1 CRITICAL

gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a …

Aug 22, 2025
CVE-2022-43110
9.8 CRITICAL

Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated …

Aug 22, 2025
CVE-2022-31491
10.0 CRITICAL

Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified …

Aug 22, 2025
CVE-2025-51092
9.8 CRITICAL

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn() and signUp() build …

Aug 22, 2025
CVE-2022-45134
9.8 CRITICAL

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause …

Aug 22, 2025
CVE-2025-55613
9.8 CRITICAL

Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter.

Aug 22, 2025
CVE-2024-53499
9.8 CRITICAL

Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API.

Aug 22, 2025
CVE-2024-53496
9.8 CRITICAL

Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.

Aug 22, 2025
CVE-2024-52786
9.8 CRITICAL

An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL.

Aug 22, 2025
CVE-2024-50645
9.8 CRITICAL

MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token.

Aug 22, 2025
CVE-2025-57105
9.8 CRITICAL

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and …

Aug 22, 2025
CVE-2025-55637
9.8 CRITICAL

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function.

Aug 22, 2025
CVE-2025-55619
9.8 CRITICAL

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web …

Aug 22, 2025
CVE-2025-55398
9.8 CRITICAL

An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail …

Aug 22, 2025
CVE-2024-50644
9.8 CRITICAL

zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token.

Aug 22, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.