CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-53005
9.8 CRITICAL

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source …

Jul 1, 2025
CVE-2025-53004
9.8 CRITICAL

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source …

Jun 30, 2025
CVE-2025-32463
9.3 CRITICAL KEV

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Jun 30, 2025
CVE-2025-45931
9.8 CRITICAL

An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file

Jun 30, 2025
CVE-2025-26074
9.8 CRITICAL

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.

Jun 30, 2025
CVE-2025-40731
9.8 CRITICAL

SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and …

Jun 30, 2025
CVE-2025-53076
9.8 CRITICAL

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.

Jun 30, 2025
CVE-2025-53074
9.1 CRITICAL

Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.

Jun 30, 2025
CVE-2025-53075
9.8 CRITICAL

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.

Jun 30, 2025
CVE-2025-0634
9.8 CRITICAL

Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.

Jun 30, 2025
CVE-2025-24290
9.9 CRITICAL

Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.

Jun 29, 2025
CVE-2025-53391
9.3 CRITICAL

The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to …

Jun 28, 2025
CVE-2025-32897
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 …

Jun 28, 2025
CVE-2025-5304
9.8 CRITICAL

The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. …

Jun 28, 2025
CVE-2025-5310
9.8 CRITICAL

Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, …

Jun 27, 2025
CVE-2025-52207
9.9 CRITICAL

PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.

Jun 27, 2025
CVE-2024-12364
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection.This issue affects …

Jun 27, 2025
CVE-2024-12150
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection.This issue affects Wowwo …

Jun 27, 2025
CVE-2024-12143
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection.This …

Jun 27, 2025
CVE-2024-11739
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection.This issue affects Case ERP: …

Jun 27, 2025
CVE-2025-53091
9.8 CRITICAL

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered …

Jun 27, 2025
CVE-2025-52553
9.6 CRITICAL

authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and …

Jun 27, 2025
CVE-2025-53314
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection.This issue affects WP Optimizer: from n/a through <= 2.5.0.

Jun 27, 2025
CVE-2025-53260
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server.This …

Jun 27, 2025
CVE-2025-52834
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey homey allows SQL Injection.This issue affects Homey: from n/a …

Jun 27, 2025
CVE-2025-52829
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL Injection.This issue affects DirectIQ …

Jun 27, 2025
CVE-2025-52725
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in pebas CouponXxL couponxxl allows Object Injection.This issue affects CouponXxL: from n/a through <= 3.0.0.

Jun 27, 2025
CVE-2025-52724
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection.This issue affects Amwerk: from n/a through <= 1.2.0.

Jun 27, 2025
CVE-2025-52722
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoinWebs Classiera classiera allows SQL Injection.This issue affects Classiera: from n/a …

Jun 27, 2025
CVE-2025-52717
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS lifterlms allows SQL Injection.This issue affects LifterLMS: from n/a …

Jun 27, 2025
CVE-2025-49885
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell …

Jun 27, 2025
CVE-2025-39474
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely amely allows SQL Injection.This issue affects Amely: from n/a …

Jun 27, 2025
CVE-2025-28970
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through <= …

Jun 27, 2025
CVE-2025-23967
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpopal GG Bought Together for WooCommerce gg-bought-together allows SQL Injection.This issue …

Jun 27, 2025
CVE-2024-12827
9.8 CRITICAL

The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and …

Jun 27, 2025
CVE-2025-6688
9.8 CRITICAL

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying …

Jun 27, 2025
CVE-2025-5306
9.8 CRITICAL

Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778

Jun 27, 2025
CVE-2025-3699
9.8 CRITICAL

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, …

Jun 26, 2025
CVE-2015-0843
9.8 CRITICAL

yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.

Jun 26, 2025
CVE-2015-0842
9.8 CRITICAL

yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.

Jun 26, 2025
CVE-2014-7210
9.8 CRITICAL

pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql …

Jun 26, 2025
CVE-2014-0468
9.8 CRITICAL

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM …

Jun 26, 2025
CVE-2025-49603
9.1 CRITICAL

Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control.

Jun 26, 2025
CVE-2025-30131
9.8 CRITICAL

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based …

Jun 26, 2025
CVE-2024-52928
9.6 CRITICAL

Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when …

Jun 26, 2025
CVE-2025-29331
9.8 CRITICAL

An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no …

Jun 26, 2025
CVE-2025-49003
9.8 CRITICAL

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in …

Jun 26, 2025
CVE-2025-6561
9.8 CRITICAL

Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a …

Jun 26, 2025
CVE-2025-4334
9.8 CRITICAL

The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient …

Jun 26, 2025
CVE-2025-36038
9.0 CRITICAL

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of …

Jun 25, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.