Search

Expected end of text, found '.' (at char 43), (line:1, col:44)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (325364 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-55060 2025-12-31 6.1 Medium
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-66877 1 Libming 1 Libming 2025-12-31 7.5 High
Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8.
CVE-2025-55063 2025-12-31 4.8 Medium
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55061 2025-12-31 8.8 High
CWE-434 Unrestricted Upload of File with Dangerous Type
CVE-2025-55062 2025-12-31 4.8 Medium
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55064 2025-12-31 4.8 Medium
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-67254 2025-12-31 7.5 High
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
CVE-2025-67255 2025-12-31 8.8 High
In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.
CVE-2024-27480 2025-12-31 N/A
givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.
CVE-2024-25182 2025-12-31 N/A
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
CVE-2025-15208 2025-12-31 7.3 High
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-23458 2025-12-31 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rakessh Ads24 Lite allows Reflected XSS.This issue affects Ads24 Lite: from n/a through 1.0.
CVE-2025-69235 2025-12-31 7.5 High
Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.
CVE-2025-15229 2025-12-31 5.3 Medium
A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-30855 2025-12-31 8.8 High
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.
CVE-2025-15102 2025-12-31 9.1 Critical
DVP-12SE11T - Password Protection Bypass
CVE-2025-68499 2025-12-31 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through 2.2.12.
CVE-2025-66862 1 Gnu 1 Binutils 2025-12-31 7.5 High
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-68036 2025-12-31 7.5 High
Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through 1.1.27.
CVE-2025-69201 2025-12-31 N/A
Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent `POST api/command/run`. Version 1.15.1 fixes the issue.