CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-26003
9.8 CRITICAL

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest.

Mar 26, 2025
CVE-2025-26002
9.8 CRITICAL

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost.

Mar 26, 2025
CVE-2025-25535
9.8 CRITICAL

HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.

Mar 26, 2025
CVE-2025-30524
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog displayproduct allows SQL Injection.This issue affects Product Catalog: …

Mar 26, 2025
CVE-2025-28942
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trust Payments Trust Payments Gateway for WooCommerce trust-payments-hosted-payment-pages-integration allows SQL Injection.This …

Mar 26, 2025
CVE-2025-28916
9.8 CRITICAL

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rashid Docpro docpro allows PHP Local File Inclusion.This issue …

Mar 26, 2025
CVE-2025-28898
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows SQL Injection.This issue affects WP …

Mar 26, 2025
CVE-2025-28893
9.9 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Govind Visual Text Editor visual-text-editor allows Remote Code Inclusion.This issue affects Visual Text Editor: from …

Mar 26, 2025
CVE-2025-26941
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: …

Mar 26, 2025
CVE-2024-47516
9.8 CRITICAL

A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure …

Mar 26, 2025
CVE-2025-27837
9.8 CRITICAL

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c …

Mar 25, 2025
CVE-2025-27836
9.8 CRITICAL

An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.

Mar 25, 2025
CVE-2025-27832
9.8 CRITICAL

An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.

Mar 25, 2025
CVE-2025-27831
9.8 CRITICAL

An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.

Mar 25, 2025
CVE-2025-25373
9.8 CRITICAL

The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform.

Mar 25, 2025
CVE-2024-55030
9.8 CRITICAL

A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands.

Mar 25, 2025
CVE-2024-55028
9.8 CRITICAL

A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file.

Mar 25, 2025
CVE-2025-30216
9.4 CRITICAL

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the …

Mar 25, 2025
CVE-2024-48818
9.8 CRITICAL

An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code.

Mar 25, 2025
CVE-2025-28904
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free web-directory-free allows Blind SQL Injection.This issue affects …

Mar 25, 2025
CVE-2024-42533
9.8 CRITICAL

SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter.

Mar 25, 2025
CVE-2025-1974
9.8 CRITICAL

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution …

Mar 25, 2025
CVE-2025-26512
9.9 CRITICAL

SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user …

Mar 24, 2025
CVE-2025-29315
9.8 CRITICAL

An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to execute …

Mar 24, 2025
CVE-2025-29312
9.1 CRITICAL

An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from …

Mar 24, 2025
CVE-2025-29310
9.8 CRITICAL

An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute …

Mar 24, 2025
CVE-2025-29135
9.8 CRITICAL

A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security …

Mar 24, 2025
CVE-2025-29100
9.8 CRITICAL

Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list.

Mar 24, 2025
CVE-2025-2747
9.8 CRITICAL KEV

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication …

Mar 24, 2025
CVE-2025-2746
9.8 CRITICAL KEV

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication …

Mar 24, 2025
CVE-2023-25610
9.8 CRITICAL

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 …

Mar 24, 2025
CVE-2025-30615
9.6 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email wp-e-commerce-style-email allows Code Injection.This issue affects WP e-Commerce Style Email: from n/a through …

Mar 24, 2025
CVE-2025-30528
9.3 CRITICAL

Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through <= 1.2.

Mar 24, 2025
CVE-2025-1446
9.8 CRITICAL

The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL …

Mar 23, 2025
CVE-2025-2621
9.8 CRITICAL

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of …

Mar 22, 2025
CVE-2025-2620
9.8 CRITICAL

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the …

Mar 22, 2025
CVE-2025-2619
9.8 CRITICAL

A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component …

Mar 22, 2025
CVE-2025-2618
9.8 CRITICAL

A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file …

Mar 22, 2025
CVE-2025-30472
9.0 CRITICAL

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a …

Mar 22, 2025
CVE-2024-53351
9.8 CRITICAL

Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.

Mar 21, 2025
CVE-2025-29927
9.1 CRITICAL

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is …

Mar 21, 2025
CVE-2025-29814
9.3 CRITICAL

Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

Mar 21, 2025
CVE-2025-2538
9.8 CRITICAL

A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated …

Mar 20, 2025
CVE-2025-26853
10.0 CRITICAL

DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.

Mar 20, 2025
CVE-2025-26852
10.0 CRITICAL

DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection.

Mar 20, 2025
CVE-2025-29980
9.8 CRITICAL

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as …

Mar 20, 2025
CVE-2025-29922
9.6 CRITICAL

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting …

Mar 20, 2025
CVE-2025-29411
9.8 CRITICAL

An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a …

Mar 20, 2025
CVE-2024-48590
9.8 CRITICAL

Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.

Mar 20, 2025
CVE-2025-2311
9.0 CRITICAL

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication …

Mar 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.