CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-28056
9.8 CRITICAL

rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component.

May 13, 2025
CVE-2025-22462
9.8 CRITICAL

An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated …

May 13, 2025
CVE-2024-46506
10.0 CRITICAL

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in …

May 13, 2025
CVE-2025-44831
9.8 CRITICAL

EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.

May 13, 2025
CVE-2025-32756
9.8 CRITICAL KEV

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, …

May 13, 2025
CVE-2025-30159
9.1 CRITICAL

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` …

May 13, 2025
CVE-2025-33025
9.9 CRITICAL

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions …

May 13, 2025
CVE-2025-33024
9.9 CRITICAL

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions …

May 13, 2025
CVE-2025-32469
9.9 CRITICAL

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions …

May 13, 2025
CVE-2025-26390
9.8 CRITICAL

A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to …

May 13, 2025
CVE-2025-26389
10.0 CRITICAL

A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize …

May 13, 2025
CVE-2025-4632
9.8 CRITICAL KEV

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as …

May 13, 2025
CVE-2025-42999
9.1 CRITICAL KEV

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to …

May 13, 2025
CVE-2025-30012
10.0 CRITICAL

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload …

May 13, 2025
CVE-2023-49641
9.8 CRITICAL

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and …

May 13, 2025
CVE-2025-30448
9.1 CRITICAL

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma …

May 12, 2025
CVE-2025-30436
9.1 CRITICAL

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may …

May 12, 2025
CVE-2025-47682
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue …

May 12, 2025
CVE-2025-45779
9.8 CRITICAL

Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.

May 12, 2025
CVE-2025-44830
9.8 CRITICAL

EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.

May 12, 2025
CVE-2025-44022
9.8 CRITICAL

An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism.

May 12, 2025
CVE-2025-26846
9.8 CRITICAL

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.

May 12, 2025
CVE-2024-56524
9.1 CRITICAL

Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request.

May 12, 2025
CVE-2024-56523
9.1 CRITICAL

Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when …

May 12, 2025
CVE-2025-4559
9.8 CRITICAL

The ISOinsight from Netvision has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

May 12, 2025
CVE-2025-4558
9.8 CRITICAL

The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password …

May 12, 2025
CVE-2025-4557
9.1 CRITICAL

The specific APIs of Parking Management System from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific APIs and operate …

May 12, 2025
CVE-2025-4556
9.8 CRITICAL

The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and …

May 12, 2025
CVE-2025-4555
9.8 CRITICAL

The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access system …

May 12, 2025
CVE-2025-46192
9.8 CRITICAL

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter.

May 9, 2025
CVE-2025-46191
9.8 CRITICAL

Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Due to …

May 9, 2025
CVE-2025-46190
9.8 CRITICAL

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter.

May 9, 2025
CVE-2025-46193
9.8 CRITICAL

SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.

May 9, 2025
CVE-2025-46189
9.8 CRITICAL

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.

May 9, 2025
CVE-2025-46188
9.8 CRITICAL

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.

May 9, 2025
CVE-2025-45513
9.8 CRITICAL

Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.

May 9, 2025
CVE-2025-28200
9.8 CRITICAL

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.

May 9, 2025
CVE-2025-45887
9.1 CRITICAL

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.

May 9, 2025
CVE-2025-45885
9.8 CRITICAL

PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and …

May 9, 2025
CVE-2024-12442
9.8 CRITICAL

EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access.

May 9, 2025
CVE-2024-11861
9.8 CRITICAL

EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access.

May 9, 2025
CVE-2025-4403
9.8 CRITICAL

The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, …

May 9, 2025
CVE-2025-3605
9.8 CRITICAL

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. …

May 9, 2025
CVE-2025-2253
9.8 CRITICAL

The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the …

May 9, 2025
CVE-2024-11617
9.8 CRITICAL

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in …

May 9, 2025
CVE-2025-3714
9.8 CRITICAL

The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit …

May 9, 2025
CVE-2025-3711
9.8 CRITICAL

The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit …

May 9, 2025
CVE-2025-3710
9.8 CRITICAL

The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit …

May 9, 2025
CVE-2025-3811
9.8 CRITICAL

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to …

May 9, 2025
CVE-2025-3810
9.8 CRITICAL

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to …

May 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.