CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-44954
9.0 CRITICAL

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.

Aug 4, 2025
CVE-2025-51536
9.8 CRITICAL

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.

Aug 4, 2025
CVE-2025-36594
9.8 CRITICAL

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS …

Aug 4, 2025
CVE-2025-6205
9.1 CRITICAL KEV

A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.

Aug 4, 2025
CVE-2025-7710
9.8 CRITICAL

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to …

Aug 2, 2025
CVE-2025-6077
9.8 CRITICAL

Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.

Aug 2, 2025
CVE-2025-54386
9.8 CRITICAL

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered …

Aug 2, 2025
CVE-2025-54133
9.6 CRITICAL

Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP …

Aug 2, 2025
CVE-2013-10051
9.8 CRITICAL

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, …

Aug 1, 2025
CVE-2013-10048
9.8 CRITICAL

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper …

Aug 1, 2025
CVE-2025-6000
9.1 CRITICAL

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory …

Aug 1, 2025
CVE-2025-54574
9.3 CRITICAL

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code …

Aug 1, 2025
CVE-2025-50870
9.8 CRITICAL

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns …

Aug 1, 2025
CVE-2025-45150
9.8 CRITICAL

Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.

Aug 1, 2025
CVE-2025-52390
9.1 CRITICAL

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates …

Aug 1, 2025
CVE-2025-50472
9.8 CRITICAL

The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` class. Attackers …

Aug 1, 2025
CVE-2025-50460
9.8 CRITICAL

A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library …

Aug 1, 2025
CVE-2019-19144
9.8 CRITICAL

XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.

Aug 1, 2025
CVE-2025-41375
9.8 CRITICAL

SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, update and delete database via 'token' parameter in '/index.php' endpoint.

Aug 1, 2025
CVE-2025-8454
9.8 CRITICAL

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make …

Aug 1, 2025
CVE-2025-5947
9.8 CRITICAL

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is …

Aug 1, 2025
CVE-2025-5954
9.8 CRITICAL

The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This …

Aug 1, 2025
CVE-2025-48072
9.1 CRITICAL

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable …

Jul 31, 2025
CVE-2025-26063
9.8 CRITICAL

An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name …

Jul 31, 2025
CVE-2025-26062
9.8 CRITICAL

An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information …

Jul 31, 2025
CVE-2025-8426
9.4 CRITICAL

Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition …

Jul 31, 2025
CVE-2025-50475
9.8 CRITICAL

An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to …

Jul 31, 2025
CVE-2013-10042
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a …

Jul 31, 2025
CVE-2013-10040
9.8 CRITICAL

ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, …

Jul 31, 2025
CVE-2012-10021
9.8 CRITICAL

A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises …

Jul 31, 2025
CVE-2025-49084
9.1 CRITICAL

CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access can overwrite policy rules without …

Jul 31, 2025
CVE-2025-54576
9.1 CRITICAL

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load …

Jul 30, 2025
CVE-2025-50578
9.8 CRITICAL

LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can manipulate these headers …

Jul 30, 2025
CVE-2025-46811
9.8 CRITICAL

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run …

Jul 30, 2025
CVE-2025-54430
9.1 CRITICAL

dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a …

Jul 30, 2025
CVE-2025-43275
9.8 CRITICAL

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may …

Jul 30, 2025
CVE-2025-43273
9.1 CRITICAL

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.8. A sandboxed process may be …

Jul 30, 2025
CVE-2025-43261
9.8 CRITICAL

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may …

Jul 30, 2025
CVE-2025-43253
9.8 CRITICAL

This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able …

Jul 30, 2025
CVE-2025-43245
9.8 CRITICAL

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app …

Jul 30, 2025
CVE-2025-43244
9.8 CRITICAL

A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app …

Jul 30, 2025
CVE-2025-43243
9.8 CRITICAL

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may …

Jul 30, 2025
CVE-2025-43237
9.8 CRITICAL

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause …

Jul 30, 2025
CVE-2025-43234
9.8 CRITICAL

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, …

Jul 30, 2025
CVE-2025-43233
9.8 CRITICAL

This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app …

Jul 30, 2025
CVE-2025-43232
9.8 CRITICAL

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may …

Jul 30, 2025
CVE-2025-43222
9.8 CRITICAL

A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura …

Jul 30, 2025
CVE-2025-43220
9.8 CRITICAL

This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. …

Jul 30, 2025
CVE-2025-43209
9.8 CRITICAL

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, …

Jul 30, 2025
CVE-2025-43199
9.8 CRITICAL

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A …

Jul 30, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.