Search

Expected end of text, found '.' (at char 13), (line:1, col:14)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (326466 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-67288 1 Umbraco 2 Umbraco, Umbraco Cms 2026-01-02 10 Critical
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself.
CVE-2025-67289 1 Frappe 2 Erpnext, Frappe 2026-01-02 9.6 Critical
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.
CVE-2025-67290 1 Dotnetfoundation 1 Piranha Cms 2026-01-02 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
CVE-2025-67291 1 Dotnetfoundation 1 Piranha Cms 2026-01-02 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
CVE-2025-67418 2 Clipbucket, Oxygenz 2 Clipbucket, Clipbucket 2026-01-02 9.8 Critical
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application.
CVE-2025-35002 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-35001 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-35000 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34999 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34998 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34997 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34996 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34995 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34994 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34993 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34992 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34991 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34990 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34989 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34988 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.