CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-27782
9.8 CRITICAL

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary …

Mar 19, 2025
CVE-2025-27781
9.8 CRITICAL

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. `model_file` in inference.py as well as `model_file` in …

Mar 19, 2025
CVE-2025-27780
9.8 CRITICAL

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. `model_name` in model_information.py takes user-supplied input (e.g. a …

Mar 19, 2025
CVE-2025-27779
9.8 CRITICAL

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `model_blender.py` lines 20 and 21. `model_fusion_a` and `model_fusion_b` from …

Mar 19, 2025
CVE-2025-27778
9.8 CRITICAL

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `infer.py`. The issue can lead to remote code execution. …

Mar 19, 2025
CVE-2024-57061
9.8 CRITICAL

An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration.

Mar 19, 2025
CVE-2025-29926
9.8 CRITICAL

XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new …

Mar 19, 2025
CVE-2025-29783
9.0 CRITICAL

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP …

Mar 19, 2025
CVE-2025-29401
9.8 CRITICAL

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.

Mar 19, 2025
CVE-2025-29137
9.8 CRITICAL

Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE.

Mar 19, 2025
CVE-2025-2512
9.8 CRITICAL

The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the …

Mar 19, 2025
CVE-2024-13442
9.8 CRITICAL

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is …

Mar 19, 2025
CVE-2024-13790
9.8 CRITICAL

The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, …

Mar 19, 2025
CVE-2024-13410
9.8 CRITICAL

The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions …

Mar 19, 2025
CVE-2024-12922
9.8 CRITICAL

The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within …

Mar 19, 2025
CVE-2024-11131
9.8 CRITICAL

A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models …

Mar 19, 2025
CVE-2024-10442
10.0 CRITICAL

Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote …

Mar 19, 2025
CVE-2024-10441
9.8 CRITICAL

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before …

Mar 19, 2025
CVE-2025-30139
9.8 CRITICAL

An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials …

Mar 18, 2025
CVE-2025-30137
9.8 CRITICAL

An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application …

Mar 18, 2025
CVE-2025-21619
9.8 CRITICAL

GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability …

Mar 18, 2025
CVE-2025-25595
9.8 CRITICAL

A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack.

Mar 18, 2025
CVE-2024-56347
9.6 CRITICAL

IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.

Mar 18, 2025
CVE-2024-56346
10.0 CRITICAL

IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.

Mar 18, 2025
CVE-2024-57169
9.8 CRITICAL

A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote …

Mar 18, 2025
CVE-2025-30132
9.1 CRITICAL

An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During …

Mar 18, 2025
CVE-2025-30123
9.8 CRITICAL

An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to …

Mar 18, 2025
CVE-2025-30122
9.8 CRITICAL

An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for …

Mar 18, 2025
CVE-2025-30115
9.8 CRITICAL

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and …

Mar 18, 2025
CVE-2025-30114
9.1 CRITICAL

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on …

Mar 18, 2025
CVE-2025-30113
9.8 CRITICAL

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The …

Mar 18, 2025
CVE-2024-8997
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration …

Mar 18, 2025
CVE-2023-47539
9.8 CRITICAL

An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin …

Mar 18, 2025
CVE-2025-2494
9.8 CRITICAL

Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ …

Mar 18, 2025
CVE-2024-23943
9.1 CRITICAL

An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. …

Mar 18, 2025
CVE-2025-29913
9.8 CRITICAL

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the …

Mar 17, 2025
CVE-2025-29912
9.8 CRITICAL

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the …

Mar 17, 2025
CVE-2025-29911
9.8 CRITICAL

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the …

Mar 17, 2025
CVE-2025-29909
9.8 CRITICAL

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the …

Mar 17, 2025
CVE-2025-25914
9.8 CRITICAL

SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter

Mar 17, 2025
CVE-2025-25650
9.1 CRITICAL

An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass …

Mar 17, 2025
CVE-2024-12992
9.8 CRITICAL

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6 …

Mar 17, 2025
CVE-2025-2395
9.8 CRITICAL

The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in …

Mar 17, 2025
CVE-2025-2345
9.8 CRITICAL

A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an …

Mar 16, 2025
CVE-2025-26875
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows SQL …

Mar 15, 2025
CVE-2025-1771
9.8 CRITICAL

The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. …

Mar 15, 2025
CVE-2025-29386
9.8 CRITICAL

In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Mar 14, 2025
CVE-2025-29385
9.8 CRITICAL

In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Mar 14, 2025
CVE-2025-29384
9.8 CRITICAL

In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Mar 14, 2025
CVE-2025-29031
9.8 CRITICAL

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.

Mar 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.