CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-48913
9.8 CRITICAL

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. …

Aug 8, 2025
CVE-2025-54887
9.1 CRITICAL

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can …

Aug 8, 2025
CVE-2025-54952
9.8 CRITICAL

An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other …

Aug 8, 2025
CVE-2025-54951
9.8 CRITICAL

A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution …

Aug 7, 2025
CVE-2025-54950
9.8 CRITICAL

An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable …

Aug 7, 2025
CVE-2025-54949
9.8 CRITICAL

A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch …

Aug 7, 2025
CVE-2025-30405
9.8 CRITICAL

An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code …

Aug 7, 2025
CVE-2025-30404
9.8 CRITICAL

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue …

Aug 7, 2025
CVE-2025-53792
9.1 CRITICAL

Azure Portal Elevation of Privilege Vulnerability

Aug 7, 2025
CVE-2025-53767
10.0 CRITICAL

Azure OpenAI Elevation of Privilege Vulnerability

Aug 7, 2025
CVE-2025-45765
9.1 CRITICAL

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more …

Aug 7, 2025
CVE-2025-50692
9.8 CRITICAL

FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.

Aug 7, 2025
CVE-2023-41530
9.8 CRITICAL

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.

Aug 7, 2025
CVE-2023-41528
9.8 CRITICAL

Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.

Aug 7, 2025
CVE-2023-41527
9.8 CRITICAL

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.

Aug 7, 2025
CVE-2023-41526
9.8 CRITICAL

Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.

Aug 7, 2025
CVE-2023-41525
9.8 CRITICAL

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.

Aug 7, 2025
CVE-2025-30127
9.8 CRITICAL

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings …

Aug 6, 2025
CVE-2025-23317
9.1 CRITICAL

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP …

Aug 6, 2025
CVE-2025-23311
9.8 CRITICAL

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this …

Aug 6, 2025
CVE-2025-23310
9.8 CRITICAL

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful …

Aug 6, 2025
CVE-2025-22470
9.8 CRITICAL

CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script …

Aug 6, 2025
CVE-2025-6994
9.8 CRITICAL

The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the …

Aug 6, 2025
CVE-2025-54594
9.1 CRITICAL

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the …

Aug 6, 2025
CVE-2013-10069
9.8 CRITICAL

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in …

Aug 5, 2025
CVE-2012-10030
9.8 CRITICAL

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty …

Aug 5, 2025
CVE-2012-10023
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing …

Aug 5, 2025
CVE-2025-54253
10.0 CRITICAL KEV

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this …

Aug 5, 2025
CVE-2025-46658
9.8 CRITICAL

An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.

Aug 5, 2025
CVE-2025-54874
9.8 CRITICAL

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when …

Aug 5, 2025
CVE-2025-50707
9.8 CRITICAL

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component

Aug 5, 2025
CVE-2025-50706
9.8 CRITICAL

An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function

Aug 5, 2025
CVE-2025-54987
9.4 CRITICAL

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected …

Aug 5, 2025
CVE-2025-54948
9.4 CRITICAL KEV

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected …

Aug 5, 2025
CVE-2025-54982
9.6 CRITICAL

An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.

Aug 5, 2025
CVE-2025-54802
9.8 CRITICAL

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in …

Aug 5, 2025
CVE-2025-54795
9.8 CRITICAL

Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation …

Aug 5, 2025
CVE-2025-54794
9.1 CRITICAL

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it …

Aug 5, 2025
CVE-2025-54387
9.8 CRITICAL

IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used …

Aug 5, 2025
CVE-2025-54119
10.0 CRITICAL

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a …

Aug 5, 2025
CVE-2025-46093
9.9 CRITICAL

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging …

Aug 4, 2025
CVE-2025-27212
9.8 CRITICAL

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. …

Aug 4, 2025
CVE-2025-51387
9.8 CRITICAL

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is …

Aug 4, 2025
CVE-2025-50754
9.6 CRITICAL

Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in …

Aug 4, 2025
CVE-2025-50341
9.8 CRITICAL

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false …

Aug 4, 2025
CVE-2025-52239
9.8 CRITICAL

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

Aug 4, 2025
CVE-2025-51390
9.8 CRITICAL

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.

Aug 4, 2025
CVE-2025-51535
9.1 CRITICAL

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.

Aug 4, 2025
CVE-2025-44963
9.0 CRITICAL

RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.

Aug 4, 2025
CVE-2025-44961
9.9 CRITICAL

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.

Aug 4, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.