CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-52095
9.8 CRITICAL

An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll

Aug 22, 2025
CVE-2025-29366
9.8 CRITICAL

In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine.

Aug 22, 2025
CVE-2025-29365
9.8 CRITICAL

spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.

Aug 22, 2025
CVE-2025-9254
9.8 CRITICAL

WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific …

Aug 22, 2025
CVE-2010-20113
9.8 CRITICAL

EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails …

Aug 21, 2025
CVE-2025-53795
9.1 CRITICAL

Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.

Aug 21, 2025
CVE-2025-53763
9.8 CRITICAL

Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

Aug 21, 2025
CVE-2025-3128
9.8 CRITICAL

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, …

Aug 21, 2025
CVE-2010-20121
9.8 CRITICAL

EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, …

Aug 21, 2025
CVE-2025-52352
9.8 CRITICAL

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. …

Aug 21, 2025
CVE-2025-57754
9.8 CRITICAL

eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase …

Aug 21, 2025
CVE-2024-45438
9.1 CRITICAL

An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.php within the SpamTitan interface allows …

Aug 21, 2025
CVE-2025-52395
9.8 CRITICAL

An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails …

Aug 21, 2025
CVE-2025-53251
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP pin-wp allows Upload a Web Shell to a Web Server.This issue affects Pin …

Aug 21, 2025
CVE-2025-8895
9.8 CRITICAL

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and …

Aug 21, 2025
CVE-2025-7390
9.1 CRITICAL

A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.

Aug 21, 2025
CVE-2025-43300
10.0 CRITICAL KEV

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, …

Aug 21, 2025
CVE-2025-27217
9.1 CRITICAL

A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.

Aug 21, 2025
CVE-2025-27214
9.8 CRITICAL

A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to …

Aug 21, 2025
CVE-2025-24285
9.8 CRITICAL

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the …

Aug 21, 2025
CVE-2025-9288
9.1 CRITICAL

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

Aug 20, 2025
CVE-2025-9287
9.1 CRITICAL

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.

Aug 20, 2025
CVE-2024-57155
9.8 CRITICAL

Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token.

Aug 20, 2025
CVE-2024-57154
9.8 CRITICAL

Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via sending a crafted payload to /admin/auth/index.

Aug 20, 2025
CVE-2025-55746
9.3 CRITICAL

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update …

Aug 20, 2025
CVE-2025-8611
9.8 CRITICAL

AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Aug 20, 2025
CVE-2025-8610
9.8 CRITICAL

AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Aug 20, 2025
CVE-2025-55444
9.8 CRITICAL

A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker …

Aug 20, 2025
CVE-2025-50904
9.8 CRITICAL

There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any …

Aug 20, 2025
CVE-2025-50901
9.8 CRITICAL

JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.

Aug 20, 2025
CVE-2024-50640
9.8 CRITICAL

jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function

Aug 20, 2025
CVE-2024-57157
9.8 CRITICAL

Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token.

Aug 20, 2025
CVE-2011-10026
9.8 CRITICAL

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell …

Aug 20, 2025
CVE-2010-20103
9.8 CRITICAL

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden …

Aug 20, 2025
CVE-2025-27129
9.8 CRITICAL

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code …

Aug 20, 2025
CVE-2025-54726
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects …

Aug 20, 2025
CVE-2025-54713
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Authentication Abuse.This issue affects Taxi Booking Manager …

Aug 20, 2025
CVE-2025-54677
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Using Malicious Files.This issue …

Aug 20, 2025
CVE-2025-54049
9.9 CRITICAL

Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through <= 4.2.2.

Aug 20, 2025
CVE-2025-54048
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection.This issue affects …

Aug 20, 2025
CVE-2025-54014
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Object Injection.This issue affects MediCenter - Health Medical Clinic: from n/a …

Aug 20, 2025
CVE-2025-53580
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9.

Aug 20, 2025
CVE-2025-53577
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS global-dns allows Remote Code Inclusion.This issue affects Global DNS: from n/a through …

Aug 20, 2025
CVE-2025-53299
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content Composer tmm_content_composer allows Object Injection.This issue affects ThemeMakers Visual Content Composer: from n/a through <= …

Aug 20, 2025
CVE-2025-53213
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping elex-reachship-multi-carrier-conditional-shipping allows Using Malicious Files.This issue affects ReachShip WooCommerce …

Aug 20, 2025
CVE-2025-49890
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in ThemeREX Organic Beauty organic-beauty allows Object Injection.This issue affects Organic Beauty: from n/a through <= 1.4.6.

Aug 20, 2025
CVE-2025-49434
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection.This issue affects Cars4Rent: from n/a through <= 1.4.2.

Aug 20, 2025
CVE-2025-49422
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through <= 1.9.

Aug 20, 2025
CVE-2025-49410
10.0 CRITICAL

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from …

Aug 20, 2025
CVE-2025-49409
9.8 CRITICAL

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SensorPress allows Stored XSS. This issue affects SensorPress: from n/a through 1.0.

Aug 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.