CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-29030
9.8 CRITICAL

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.

Mar 14, 2025
CVE-2025-29029
9.8 CRITICAL

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.

Mar 14, 2025
CVE-2025-2000
9.8 CRITICAL

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process …

Mar 14, 2025
CVE-2025-27595
9.8 CRITICAL

The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts …

Mar 14, 2025
CVE-2025-27593
9.3 CRITICAL

The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target …

Mar 14, 2025
CVE-2025-2232
9.8 CRITICAL

The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up …

Mar 14, 2025
CVE-2024-13771
9.8 CRITICAL

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, …

Mar 14, 2025
CVE-2024-13824
9.8 CRITICAL

The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization …

Mar 14, 2025
CVE-2024-11286
9.8 CRITICAL

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin …

Mar 14, 2025
CVE-2024-11285
9.8 CRITICAL

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due …

Mar 14, 2025
CVE-2024-11284
9.8 CRITICAL

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due …

Mar 14, 2025
CVE-2025-26163
9.8 CRITICAL

CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the CPF parameter.

Mar 14, 2025
CVE-2025-2263
9.8 CRITICAL

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based …

Mar 13, 2025
CVE-2025-27138
9.8 CRITICAL

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter …

Mar 13, 2025
CVE-2025-25292
9.8 CRITICAL

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and …

Mar 12, 2025
CVE-2025-25291
9.8 CRITICAL

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and …

Mar 12, 2025
CVE-2025-27407
9.0 CRITICAL

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a …

Mar 12, 2025
CVE-2025-25568
9.8 CRITICAL

SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is …

Mar 12, 2025
CVE-2025-25567
9.8 CRITICAL

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a …

Mar 12, 2025
CVE-2025-25565
9.8 CRITICAL

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the …

Mar 12, 2025
CVE-2025-1960
9.8 CRITICAL

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password …

Mar 12, 2025
CVE-2025-22954
10.0 CRITICAL

GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter.

Mar 12, 2025
CVE-2024-10838
9.1 CRITICAL

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers …

Mar 12, 2025
CVE-2024-13446
9.8 CRITICAL

The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to …

Mar 12, 2025
CVE-2025-28915
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit themeegg-toolkit allows Upload a Web Shell to a Web Server.This issue affects …

Mar 11, 2025
CVE-2025-26701
10.0 CRITICAL

An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to …

Mar 11, 2025
CVE-2025-24201
10.0 CRITICAL KEV

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, …

Mar 11, 2025
CVE-2024-54085
9.8 CRITICAL KEV

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this …

Mar 11, 2025
CVE-2025-27494
9.1 CRITICAL

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize …

Mar 11, 2025
CVE-2024-56336
9.8 CRITICAL

A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is …

Mar 11, 2025
CVE-2025-1550
9.8 CRITICAL

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the …

Mar 11, 2025
CVE-2025-1661
9.8 CRITICAL

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 …

Mar 11, 2025
CVE-2025-25306
9.3 CRITICAL

Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields …

Mar 10, 2025
CVE-2025-24813
9.8 CRITICAL KEV

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet …

Mar 10, 2025
CVE-2025-25977
9.8 CRITICAL

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.

Mar 10, 2025
CVE-2025-25940
9.8 CRITICAL

VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java.

Mar 10, 2025
CVE-2025-26936
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injection.This issue affects Fresh Framework: from n/a through <= …

Mar 10, 2025
CVE-2025-26916
9.0 CRITICAL

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pixflow Massive Dynamic massive-dynamic.This issue affects Massive Dynamic: from …

Mar 10, 2025
CVE-2025-1497
9.8 CRITICAL

A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute …

Mar 10, 2025
CVE-2025-1945
9.8 CRITICAL

picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits …

Mar 10, 2025
CVE-2025-0177
9.8 CRITICAL

The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin …

Mar 8, 2025
CVE-2024-42733
9.8 CRITICAL

An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input

Mar 7, 2025
CVE-2024-53695
9.1 CRITICAL

A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory …

Mar 7, 2025
CVE-2024-50390
9.8 CRITICAL

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already …

Mar 7, 2025
CVE-2024-48864
9.1 CRITICAL

A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers …

Mar 7, 2025
CVE-2025-27603
9.1 CRITICAL

XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. A user that doesn't have programming rights can execute arbitrary code …

Mar 7, 2025
CVE-2025-1315
9.8 CRITICAL

The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due …

Mar 7, 2025
CVE-2024-12876
9.8 CRITICAL

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and …

Mar 7, 2025
CVE-2025-27816
9.8 CRITICAL

A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of …

Mar 7, 2025
CVE-2025-1475
9.8 CRITICAL

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification …

Mar 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.