CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-43198
9.8 CRITICAL

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able …

Jul 30, 2025
CVE-2025-43194
9.8 CRITICAL

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be …

Jul 30, 2025
CVE-2025-43193
9.8 CRITICAL

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may …

Jul 30, 2025
CVE-2025-43192
9.8 CRITICAL

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. Account-driven User Enrollment may still be …

Jul 30, 2025
CVE-2025-43189
9.8 CRITICAL

This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able …

Jul 30, 2025
CVE-2025-43186
9.8 CRITICAL

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS …

Jul 30, 2025
CVE-2025-43184
9.8 CRITICAL

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.7, macOS Ventura …

Jul 30, 2025
CVE-2025-31281
9.1 CRITICAL

An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, …

Jul 30, 2025
CVE-2025-31279
9.8 CRITICAL

A permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An …

Jul 30, 2025
CVE-2025-31229
9.1 CRITICAL

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.

Jul 30, 2025
CVE-2025-54381
9.9 CRITICAL

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload …

Jul 29, 2025
CVE-2025-40600
9.8 CRITICAL

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.

Jul 29, 2025
CVE-2025-53102
9.8 CRITICAL

Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a …

Jul 29, 2025
CVE-2025-44136
9.8 CRITICAL

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads …

Jul 29, 2025
CVE-2025-50738
9.8 CRITICAL

The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such …

Jul 29, 2025
CVE-2025-46059
9.8 CRITICAL

langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise …

Jul 29, 2025
CVE-2025-7458
9.1 CRITICAL

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to …

Jul 29, 2025
CVE-2025-40682
9.8 CRITICAL

SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and …

Jul 29, 2025
CVE-2025-8264
9.0 CRITICAL

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious …

Jul 29, 2025
CVE-2025-54428
9.8 CRITICAL

RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas …

Jul 28, 2025
CVE-2025-54419
10.0 CRITICAL

A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. …

Jul 28, 2025
CVE-2025-43023
9.1 CRITICAL

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of …

Jul 28, 2025
CVE-2025-54418
9.8 CRITICAL

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for …

Jul 28, 2025
CVE-2025-30125
9.8 CRITICAL

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an …

Jul 28, 2025
CVE-2025-30133
9.8 CRITICAL

An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app …

Jul 28, 2025
CVE-2025-30124
9.8 CRITICAL

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is …

Jul 28, 2025
CVE-2025-27724
9.3 CRITICAL

A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. …

Jul 28, 2025
CVE-2025-26469
9.3 CRITICAL

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a …

Jul 28, 2025
CVE-2025-6918
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection.This issue affects Virtual PBX …

Jul 28, 2025
CVE-2025-5120
10.0 CRITICAL

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The …

Jul 27, 2025
CVE-2025-6895
9.8 CRITICAL

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. …

Jul 26, 2025
CVE-2025-54416
9.1 CRITICAL

tj-actions/branch-names is a Github actions repository that contains workflows to retrieve branch or tag names with support for all events. In versions 8.2.1 and below, …

Jul 26, 2025
CVE-2025-54385
9.8 CRITICAL

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions between 17.0.0-rc1 to 17.2.2 and versions …

Jul 26, 2025
CVE-2025-30135
9.4 CRITICAL

An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authentication controls on its …

Jul 25, 2025
CVE-2025-46199
9.8 CRITICAL

Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields

Jul 25, 2025
CVE-2025-29631
9.8 CRITICAL

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods …

Jul 25, 2025
CVE-2025-29629
9.1 CRITICAL

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure …

Jul 25, 2025
CVE-2025-29628
9.4 CRITICAL

A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application …

Jul 25, 2025
CVE-2014-125117
9.8 CRITICAL

A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted …

Jul 25, 2025
CVE-2025-45777
9.8 CRITICAL

An issue in the OTP mechanism of Chavara Family Welfare Centre Chavara Matrimony Site v2.0 allows attackers to bypass authentication via supplying a crafted request.

Jul 25, 2025
CVE-2019-25224
9.8 CRITICAL

The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated …

Jul 25, 2025
CVE-2015-10143
9.8 CRITICAL

The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on …

Jul 25, 2025
CVE-2025-54379
9.8 CRITICAL

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a …

Jul 24, 2025
CVE-2025-32429
9.8 CRITICAL

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through …

Jul 24, 2025
CVE-2025-7404
9.8 CRITICAL

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects …

Jul 24, 2025
CVE-2025-6260
9.8 CRITICAL

The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from …

Jul 24, 2025
CVE-2025-53084
9.0 CRITICAL

A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP …

Jul 24, 2025
CVE-2025-50128
9.6 CRITICAL

A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP …

Jul 24, 2025
CVE-2025-46410
9.6 CRITICAL

A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP …

Jul 24, 2025
CVE-2025-41420
9.6 CRITICAL

A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP …

Jul 24, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.