CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-25763
9.8 CRITICAL

crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php

Mar 6, 2025
CVE-2025-25361
9.8 CRITICAL

An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml …

Mar 6, 2025
CVE-2024-12144
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Finder Fire Safety Finder ERP/CRM (Old System) allows SQL Injection.This issue …

Mar 6, 2025
CVE-2025-25632
9.8 CRITICAL

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.

Mar 5, 2025
CVE-2025-25362
9.8 CRITICAL

A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.

Mar 5, 2025
CVE-2025-27515
9.8 CRITICAL

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially …

Mar 5, 2025
CVE-2023-38693
9.8 CRITICAL

Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is …

Mar 5, 2025
CVE-2024-13147
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.This issue affects B2B …

Mar 5, 2025
CVE-2024-12097
9.8 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024.

Mar 5, 2025
CVE-2024-12281
9.8 CRITICAL

The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing …

Mar 5, 2025
CVE-2024-11951
9.8 CRITICAL

The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the …

Mar 5, 2025
CVE-2025-25015
9.9 CRITICAL

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and …

Mar 5, 2025
CVE-2025-1515
9.8 CRITICAL

The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to …

Mar 5, 2025
CVE-2024-13787
9.8 CRITICAL

The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization …

Mar 5, 2025
CVE-2025-1393
9.8 CRITICAL

An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.

Mar 5, 2025
CVE-2025-27682
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005.

Mar 5, 2025
CVE-2025-27681
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004.

Mar 5, 2025
CVE-2025-27680
9.1 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004.

Mar 5, 2025
CVE-2025-27678
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001.

Mar 5, 2025
CVE-2025-27677
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002.

Mar 5, 2025
CVE-2025-27675
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Vulnerable OpenID Implementation V-2023-004.

Mar 5, 2025
CVE-2025-27674
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006.

Mar 5, 2025
CVE-2025-27673
9.1 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017.

Mar 5, 2025
CVE-2025-27672
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016.

Mar 5, 2025
CVE-2025-27671
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Device Impersonation OVE-20230524-0015.

Mar 5, 2025
CVE-2025-27670
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Signature Validation OVE-20230524-0014.

Mar 5, 2025
CVE-2025-27668
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012.

Mar 5, 2025
CVE-2025-27667
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-0011.

Mar 5, 2025
CVE-2025-27666
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010.

Mar 5, 2025
CVE-2025-27665
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Antivirus Protection and thus drivers can have known malicious code OVE-20230524-0009.

Mar 5, 2025
CVE-2025-27663
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.

Mar 5, 2025
CVE-2025-27662
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005.

Mar 5, 2025
CVE-2025-27661
9.1 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Session Fixation OVE-20230524-0004.

Mar 5, 2025
CVE-2025-27659
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows SQL Injection OVE-20230524-0002.

Mar 5, 2025
CVE-2025-27658
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Authentication Bypass OVE-20230524-0001.

Mar 5, 2025
CVE-2025-27657
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008.

Mar 5, 2025
CVE-2025-27656
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011.

Mar 5, 2025
CVE-2025-27655
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009.

Mar 5, 2025
CVE-2025-27652
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015.

Mar 5, 2025
CVE-2025-27651
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014.

Mar 5, 2025
CVE-2025-27650
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013.

Mar 5, 2025
CVE-2025-27649
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016.

Mar 5, 2025
CVE-2025-27648
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003.

Mar 5, 2025
CVE-2025-27647
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002.

Mar 5, 2025
CVE-2025-27646
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-001.

Mar 5, 2025
CVE-2025-27645
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005.

Mar 5, 2025
CVE-2025-27643
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006.

Mar 5, 2025
CVE-2025-27642
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008.

Mar 5, 2025
CVE-2025-27641
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009.

Mar 5, 2025
CVE-2025-27640
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012.

Mar 5, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.