Search

Expected end of text, found '.' (at char 15), (line:1, col:16)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (310795 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59721 2025-09-20 N/A
Not used
CVE-2025-59722 2025-09-20 N/A
Not used
CVE-2025-59723 2025-09-20 N/A
Not used
CVE-2025-59724 2025-09-20 N/A
Not used
CVE-2025-59725 2025-09-20 N/A
Not used
CVE-2025-59726 2025-09-20 N/A
Not used
CVE-2025-59727 2025-09-20 N/A
Not used
CVE-2025-10652 2025-09-20 6.5 Medium
The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘module_id’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2025-57396 2025-09-19 6.5 Medium
Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escalate their privileges to the highest level.
CVE-2025-56762 2025-09-19 6.1 Medium
Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in error.php.
CVE-2025-54761 2025-09-19 8 High
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.
CVE-2025-52159 2025-09-19 8.8 High
Hardcoded credentials in default configuration of PPress 0.0.9.
CVE-2025-43808 2025-09-19 N/A
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which allows remote attackers to access and download virtual products for free via a crafted URL.
CVE-2025-56706 1 Edimax 2 Br-6473ax, Br-6473ax Firmware 2025-09-19 8 High
Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function.
CVE-2025-10290 2 Apple, Mozilla 3 Ios, Firefox Focus, Focus For Ios 2025-09-19 6.5 Medium
Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS < 143.0.
CVE-2025-10527 2 Mozilla, Redhat 4 Firefox, Firefox Esr, Thunderbird and 1 more 2025-09-19 7.1 High
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
CVE-2025-10528 2 Mozilla, Redhat 4 Firefox, Firefox Esr, Thunderbird and 1 more 2025-09-19 7.3 High
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
CVE-2025-10529 2 Mozilla, Redhat 4 Firefox, Firefox Esr, Thunderbird and 1 more 2025-09-19 6.5 Medium
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
CVE-2025-10530 1 Mozilla 2 Firefox, Thunderbird 2025-09-19 6.5 Medium
This vulnerability affects Firefox < 143 and Thunderbird < 143.
CVE-2025-10531 1 Mozilla 2 Firefox, Thunderbird 2025-09-19 5.4 Medium
This vulnerability affects Firefox < 143 and Thunderbird < 143.