CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-2523
9.4 CRITICAL

The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this …

Jul 10, 2025
CVE-2025-53633
9.8 CRITICAL

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of …

Jul 10, 2025
CVE-2025-53632
9.1 CRITICAL

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of …

Jul 10, 2025
CVE-2025-53371
9.1 CRITICAL

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and …

Jul 10, 2025
CVE-2025-47812
10.0 CRITICAL KEV

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session …

Jul 10, 2025
CVE-2025-23048
9.1 CRITICAL

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session …

Jul 10, 2025
CVE-2025-53624
10.0 CRITICAL

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are …

Jul 9, 2025
CVE-2025-53546
9.1 CRITICAL

Folo organizes feeds content into one timeline. Using pull_request_target on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access …

Jul 9, 2025
CVE-2025-6514
9.6 CRITICAL

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL

Jul 9, 2025
CVE-2025-3499
10.0 CRITICAL

The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through …

Jul 9, 2025
CVE-2025-3498
9.9 CRITICAL

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration. The device has …

Jul 9, 2025
CVE-2025-4606
9.8 CRITICAL

The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and …

Jul 9, 2025
CVE-2025-7206
9.8 CRITICAL

A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of …

Jul 9, 2025
CVE-2025-4855
9.8 CRITICAL

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in …

Jul 9, 2025
CVE-2025-4828
9.8 CRITICAL

The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_delete function in all versions …

Jul 9, 2025
CVE-2025-49533
9.8 CRITICAL

Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by …

Jul 8, 2025
CVE-2025-27203
9.6 CRITICAL

Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. …

Jul 8, 2025
CVE-2025-49535
9.3 CRITICAL

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a …

Jul 8, 2025
CVE-2025-37103
9.8 CRITICAL

Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation …

Jul 8, 2025
CVE-2025-47981
9.8 CRITICAL

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Jul 8, 2025
CVE-2025-21450
9.1 CRITICAL

Cryptographic issue occurs due to use of insecure connection method while downloading.

Jul 8, 2025
CVE-2025-40717
9.8 CRITICAL

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases …

Jul 8, 2025
CVE-2025-40716
9.8 CRITICAL

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases …

Jul 8, 2025
CVE-2025-40715
9.8 CRITICAL

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases …

Jul 8, 2025
CVE-2025-40714
9.8 CRITICAL

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases …

Jul 8, 2025
CVE-2025-40713
9.8 CRITICAL

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases …

Jul 8, 2025
CVE-2025-40712
9.8 CRITICAL

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases …

Jul 8, 2025
CVE-2025-40711
9.8 CRITICAL

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases …

Jul 8, 2025
CVE-2025-40736
9.8 CRITICAL

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative …

Jul 8, 2025
CVE-2025-25270
9.8 CRITICAL

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

Jul 8, 2025
CVE-2025-20684
9.8 CRITICAL

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Jul 8, 2025
CVE-2025-20683
9.8 CRITICAL

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Jul 8, 2025
CVE-2025-20682
9.8 CRITICAL

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Jul 8, 2025
CVE-2025-20681
9.8 CRITICAL

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Jul 8, 2025
CVE-2025-20680
9.8 CRITICAL

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege …

Jul 8, 2025
CVE-2025-42980
9.1 CRITICAL

SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead …

Jul 8, 2025
CVE-2025-42967
9.9 CRITICAL

SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report …

Jul 8, 2025
CVE-2025-42966
9.1 CRITICAL

SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted …

Jul 8, 2025
CVE-2025-42964
9.1 CRITICAL

SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a …

Jul 8, 2025
CVE-2025-42963
9.1 CRITICAL

A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can …

Jul 8, 2025
CVE-2025-53499
9.1 CRITICAL

Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.

Jul 7, 2025
CVE-2025-53495
9.1 CRITICAL

Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.

Jul 7, 2025
CVE-2025-53529
9.8 CRITICAL

WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized …

Jul 7, 2025
CVE-2025-53527
9.8 CRITICAL

WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This …

Jul 7, 2025
CVE-2024-25178
9.1 CRITICAL

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

Jul 7, 2025
CVE-2024-25176
9.8 CRITICAL

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.

Jul 7, 2025
CVE-2025-47202
9.1 CRITICAL

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, …

Jul 7, 2025
CVE-2025-45479
9.8 CRITICAL

Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container.

Jul 7, 2025
CVE-2025-45065
9.8 CRITICAL

employee record management system in php and mysql v1 was discovered to contain a SQL injection vulnerability via the loginerms.php endpoint.

Jul 7, 2025
CVE-2025-43933
9.8 CRITICAL

fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP …

Jul 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.