CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-52483
9.8 CRITICAL

Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the …

Jun 25, 2025
CVE-2025-52480
9.8 CRITICAL

Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the …

Jun 25, 2025
CVE-2025-20282
10.0 CRITICAL

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected …

Jun 25, 2025
CVE-2025-20281
10.0 CRITICAL KEV

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying …

Jun 25, 2025
CVE-2021-4457
9.1 CRITICAL

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.

Jun 25, 2025
CVE-2025-6543
9.8 CRITICAL KEV

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, …

Jun 25, 2025
CVE-2024-51978
9.8 CRITICAL

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover …

Jun 25, 2025
CVE-2025-52572
10.0 CRITICAL

Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an …

Jun 24, 2025
CVE-2025-52571
9.6 CRITICAL

Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to …

Jun 24, 2025
CVE-2025-52471
9.8 CRITICAL

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP …

Jun 24, 2025
CVE-2025-49853
9.1 CRITICAL

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL …

Jun 24, 2025
CVE-2025-49851
9.8 CRITICAL

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions …

Jun 24, 2025
CVE-2024-37743
9.8 CRITICAL

An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component.

Jun 24, 2025
CVE-2025-4378
10.0 CRITICAL

Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass.This issue affects ATA-AOF Mobile …

Jun 24, 2025
CVE-2025-4383
9.3 CRITICAL

Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication Bypass.This …

Jun 24, 2025
CVE-2021-41691
9.8 CRITICAL

A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.

Jun 24, 2025
CVE-2025-32977
9.6 CRITICAL

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch …

Jun 24, 2025
CVE-2025-32975
10.0 CRITICAL KEV

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch …

Jun 24, 2025
CVE-2025-6433
9.8 CRITICAL

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that …

Jun 24, 2025
CVE-2025-6427
9.1 CRITICAL

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from …

Jun 24, 2025
CVE-2025-6424
9.8 CRITICAL

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, …

Jun 24, 2025
CVE-2025-50213
9.8 CRITICAL

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: …

Jun 24, 2025
CVE-2025-48890
9.8 CRITICAL

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a …

Jun 24, 2025
CVE-2025-43879
9.8 CRITICAL

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a …

Jun 24, 2025
CVE-2024-56731
10.0 CRITICAL

Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote …

Jun 24, 2025
CVE-2025-6560
9.8 CRITICAL

Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and …

Jun 24, 2025
CVE-2025-6559
9.8 CRITICAL

Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on …

Jun 24, 2025
CVE-2025-48469
9.6 CRITICAL

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege …

Jun 24, 2025
CVE-2025-34036
9.8 CRITICAL

An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP …

Jun 24, 2025
CVE-2025-34035
9.8 CRITICAL

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed …

Jun 24, 2025
CVE-2025-52562
10.0 CRITICAL

Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController …

Jun 23, 2025
CVE-2025-2828
10.0 CRITICAL

A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because …

Jun 23, 2025
CVE-2023-47030
9.8 CRITICAL

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a …

Jun 23, 2025
CVE-2023-47029
9.8 CRITICAL

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to …

Jun 23, 2025
CVE-2023-47031
9.8 CRITICAL

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization …

Jun 23, 2025
CVE-2023-47295
9.8 CRITICAL

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that …

Jun 23, 2025
CVE-2023-47032
9.8 CRITICAL

Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.

Jun 23, 2025
CVE-2025-46101
9.8 CRITICAL

SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain …

Jun 23, 2025
CVE-2023-48978
9.8 CRITICAL

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP …

Jun 23, 2025
CVE-2023-47297
9.8 CRITICAL

A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.

Jun 23, 2025
CVE-2025-6513
9.3 CRITICAL

Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.

Jun 23, 2025
CVE-2025-6512
10.0 CRITICAL

On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server …

Jun 23, 2025
CVE-2025-52921
9.9 CRITICAL

In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by …

Jun 23, 2025
CVE-2024-45347
9.6 CRITICAL

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be …

Jun 23, 2025
CVE-2025-6216
9.8 CRITICAL

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to …

Jun 21, 2025
CVE-2025-25038
9.8 CRITICAL

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing …

Jun 20, 2025
CVE-2025-49132
10.0 CRITICAL

Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious …

Jun 20, 2025
CVE-2025-44635
9.8 CRITICAL

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, …

Jun 20, 2025
CVE-2025-45890
9.8 CRITICAL

Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter

Jun 20, 2025
CVE-2025-46179
9.8 CRITICAL

A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into …

Jun 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.