CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-22457
9.0 CRITICAL KEV

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows …

Apr 3, 2025
CVE-2025-31911
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems Social Share And Social Locker social-share-and-social-locker-arsocial allows Blind SQL Injection.This …

Apr 3, 2025
CVE-2025-29369
9.8 CRITICAL

Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in /view_profile.php?id=1.

Apr 3, 2025
CVE-2025-22930
9.8 CRITICAL

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.

Apr 3, 2025
CVE-2025-22929
9.8 CRITICAL

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.

Apr 3, 2025
CVE-2025-22926
9.8 CRITICAL

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.

Apr 3, 2025
CVE-2025-2946
9.1 CRITICAL

pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result …

Apr 3, 2025
CVE-2025-2945
9.9 CRITICAL

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where …

Apr 3, 2025
CVE-2025-22928
9.8 CRITICAL

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.

Apr 3, 2025
CVE-2025-22927
9.1 CRITICAL

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.

Apr 3, 2025
CVE-2025-31477
9.8 CRITICAL

The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs …

Apr 2, 2025
CVE-2025-29085
9.8 CRITICAL

SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.

Apr 2, 2025
CVE-2025-29063
9.8 CRITICAL

An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled …

Apr 2, 2025
CVE-2025-29062
9.8 CRITICAL

An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead …

Apr 2, 2025
CVE-2024-38392
9.1 CRITICAL

Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted …

Apr 2, 2025
CVE-2025-2005
9.8 CRITICAL

The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of …

Apr 2, 2025
CVE-2023-40714
9.9 CRITICAL

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain …

Apr 2, 2025
CVE-2025-30356
9.8 CRITICAL

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the …

Apr 1, 2025
CVE-2025-31612
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll cbxpoll allows Object Injection.This issue affects CBX Poll: from n/a through <= 2.0.4.

Apr 1, 2025
CVE-2025-31579
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows SQL Injection.This issue affects WP …

Apr 1, 2025
CVE-2025-31553
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows SQL Injection.This issue …

Apr 1, 2025
CVE-2025-31552
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection.This issue affects RSVPMarker : from …

Apr 1, 2025
CVE-2025-31551
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms gf-salesmate-add-on allows SQL Injection.This issue …

Apr 1, 2025
CVE-2025-31534
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shopperdotcom Shopper shopper allows SQL Injection.This issue affects Shopper: from n/a …

Apr 1, 2025
CVE-2025-31531
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in click5 History Log by click5 history-log-by-click5 allows SQL Injection.This issue affects …

Apr 1, 2025
CVE-2025-30841
9.9 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown …

Apr 1, 2025
CVE-2025-30807
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration nextcart-woocommerce-migration allows SQL Injection.This …

Apr 1, 2025
CVE-2025-30580
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in kellydiek DigiWidgets Image Editor digiwidgets-image-editor allows Remote Code Inclusion.This issue affects DigiWidgets Image Editor: from …

Apr 1, 2025
CVE-2025-2237
9.8 CRITICAL

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This …

Apr 1, 2025
CVE-2024-13553
9.8 CRITICAL

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, …

Apr 1, 2025
CVE-2024-56325
9.8 CRITICAL

Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST …

Apr 1, 2025
CVE-2025-30065
9.8 CRITICAL

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade …

Apr 1, 2025
CVE-2025-31095
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in Hossein Material Dashboard material-dashboard allows Authentication Bypass.This issue affects Material Dashboard: from n/a through <= …

Apr 1, 2025
CVE-2025-31087
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows Object Injection.This issue affects Multiple Shipping And Billing Address …

Apr 1, 2025
CVE-2025-31084
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Object Injection.This issue affects Sunshine Photo Cart: from n/a through <= 3.4.10.

Apr 1, 2025
CVE-2025-30971
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows SQL Injection.This issue affects …

Apr 1, 2025
CVE-2025-30911
9.9 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4.

Apr 1, 2025
CVE-2025-30886
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows SQL Injection.This issue affects JS …

Apr 1, 2025
CVE-2025-30876
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows SQL Injection.This issue …

Apr 1, 2025
CVE-2025-30622
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in torsteino PostMash postmash-custom allows SQL Injection.This issue affects PostMash: from n/a …

Apr 1, 2025
CVE-2025-31194
9.8 CRITICAL

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A Shortcut …

Mar 31, 2025
CVE-2025-31183
9.8 CRITICAL

The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS …

Mar 31, 2025
CVE-2025-31182
9.8 CRITICAL

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, …

Mar 31, 2025
CVE-2025-30465
9.8 CRITICAL

A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5, macOS …

Mar 31, 2025
CVE-2025-30462
9.8 CRITICAL

A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Apps that …

Mar 31, 2025
CVE-2025-30461
9.8 CRITICAL

An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be …

Mar 31, 2025
CVE-2025-30458
9.8 CRITICAL

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read files outside …

Mar 31, 2025
CVE-2025-30457
9.8 CRITICAL

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious …

Mar 31, 2025
CVE-2025-30452
9.8 CRITICAL

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An input validation issue …

Mar 31, 2025
CVE-2025-30444
9.8 CRITICAL

A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously …

Mar 31, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.