CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-48706
9.1 CRITICAL

An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability, sending a crafted BLE message forces the device to …

Jun 20, 2025
CVE-2025-32880
9.8 CRITICAL

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, …

Jun 20, 2025
CVE-2025-32878
9.8 CRITICAL

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is …

Jun 20, 2025
CVE-2025-32877
9.8 CRITICAL

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in …

Jun 20, 2025
CVE-2024-53298
9.8 CRITICAL

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit …

Jun 20, 2025
CVE-2025-4981
9.9 CRITICAL

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor …

Jun 20, 2025
CVE-2025-6384
9.1 CRITICAL

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting …

Jun 19, 2025
CVE-2025-33117
9.1 CRITICAL

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a …

Jun 19, 2025
CVE-2025-4738
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection.This issue affects MY ERP: …

Jun 19, 2025
CVE-2025-52474
9.8 CRITICAL

WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php …

Jun 19, 2025
CVE-2025-50201
9.8 CRITICAL

WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch …

Jun 19, 2025
CVE-2025-52467
9.1 CRITICAL

pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was …

Jun 19, 2025
CVE-2025-24288
9.8 CRITICAL

The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most …

Jun 19, 2025
CVE-2024-45208
9.8 CRITICAL

The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 …

Jun 19, 2025
CVE-2025-49591
9.1 CRITICAL

CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of …

Jun 18, 2025
CVE-2025-26199
9.8 CRITICAL

CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to …

Jun 18, 2025
CVE-2025-26198
9.8 CRITICAL

CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before …

Jun 18, 2025
CVE-2025-20260
9.8 CRITICAL

A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of …

Jun 18, 2025
CVE-2025-46157
9.9 CRITICAL

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form

Jun 18, 2025
CVE-2025-45784
9.8 CRITICAL

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image …

Jun 18, 2025
CVE-2025-1562
9.8 CRITICAL

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a …

Jun 18, 2025
CVE-2025-51381
9.8 CRITICAL

An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from …

Jun 18, 2025
CVE-2025-49825
9.8 CRITICAL

Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time …

Jun 17, 2025
CVE-2025-49217
9.8 CRITICAL

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this …

Jun 17, 2025
CVE-2025-49216
9.8 CRITICAL

An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify …

Jun 17, 2025
CVE-2025-49213
9.8 CRITICAL

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this …

Jun 17, 2025
CVE-2025-49212
9.8 CRITICAL

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this …

Jun 17, 2025
CVE-2025-49220
9.8 CRITICAL

An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that …

Jun 17, 2025
CVE-2025-49219
9.8 CRITICAL

An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that …

Jun 17, 2025
CVE-2025-49452
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri postapanduri allows SQL Injection.This issue affects PostaPanduri: from …

Jun 17, 2025
CVE-2025-49447
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : …

Jun 17, 2025
CVE-2025-49444
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server.This issue affects …

Jun 17, 2025
CVE-2025-49330
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin cf7-zoho allows Object Injection.This issue affects Integration for …

Jun 17, 2025
CVE-2025-49071
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload a Web Shell to a Web Server.This issue affects Flozen: from …

Jun 17, 2025
CVE-2025-48274
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Blind SQL Injection.This issue affects …

Jun 17, 2025
CVE-2025-47573
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School …

Jun 17, 2025
CVE-2025-47559
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from …

Jun 17, 2025
CVE-2025-47452
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR wpvr allows Upload a Web Shell to a Web Server.This issue affects WP …

Jun 17, 2025
CVE-2025-39479
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart …

Jun 17, 2025
CVE-2025-32510
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a …

Jun 17, 2025
CVE-2025-31919
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.

Jun 17, 2025
CVE-2025-30618
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce rapyd-payments allows Object Injection.This issue affects Rapyd Payment Extension for WooCommerce: from n/a …

Jun 17, 2025
CVE-2025-24773
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce wpcrm …

Jun 17, 2025
CVE-2025-4404
9.1 CRITICAL

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` …

Jun 17, 2025
CVE-2025-32800
9.8 CRITICAL

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not …

Jun 16, 2025
CVE-2025-32799
9.8 CRITICAL

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due …

Jun 16, 2025
CVE-2025-32798
9.8 CRITICAL

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to …

Jun 16, 2025
CVE-2025-6087
9.1 CRITICAL

A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open …

Jun 16, 2025
CVE-2025-6179
9.8 CRITICAL

Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including …

Jun 16, 2025
CVE-2025-5309
9.8 CRITICAL

The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote …

Jun 16, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.