Discover Vulnerabilities Now!

Vulnerabilities
---
Vendors
---
Products
---
Vulnerability Media Exposure
These listed vulnerabilities have been referenced across multiple public sources, indicating high media attention and potential significance.
CVE-2025-21043
Severity
HIGH

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

CVE-2025-54236
Severity
CRITICAL

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

adobe:commerce
adobe:commerce_b2b
adobe:magento
CVE-2025-43272
Severity
MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.

apple:safari
apple:ipados
apple:iphone_os
apple:macos
apple:visionos
apple:watchos
CVE-2025-10200
Severity
HIGH

Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Newly recorded security issues per week
Stay up to date! New information is added to our knowledge database every day. Here you can see the history of newly added vulnerabilities that have been added to our CVE DB in recent years.
Vulnerabilities by severity (over the last 7 days)
Information about the vulnerabilities of the last 7 days can be found here. As you can see, critical vulnerabilities are also added on a daily basis. Therefore, validate your current security situation sets on a daily basis to ensure the security of your IT.
CVSS Score Distribution
The CVSS score rates security vulnerabilities from 0 to 10, based on factors like attack vectors and impacts on confidentiality, integrity, and availability.
EPSS Score Distribution
The EPSS score predicts the likelihood of a known vulnerability being exploited, complementing CVSS by assessing real-world exploitability based on threat activity and exploit availability.
Latest Vulnerability Reports
The 10 most recently published CVE reports.
  • CVE-2025-0168

    Severity
    MEDIUM

    A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /_parse/_feedback_system.php. The manipulation of the argument person leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

    anisha:job_recruitment
  • CVE-2025-22214

    Severity
    MEDIUM

    Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.

  • CVE-2025-0171

    Severity
    MEDIUM

    A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    code-projects:chat_system
  • CVE-2025-0172

    Severity
    MEDIUM

    A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deleteroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

    code-projects:chat_system
  • CVE-2025-0173

    Severity
    MEDIUM

    A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /orders/view_order.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

    oretnom23:online_eyewear_shop
  • CVE-2025-0174

    Severity
    MEDIUM

    A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /user/search_result2.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

    code-projects:point_of_sales_and_inventory_management_system
  • CVE-2025-0175

    Severity
    LOW

    A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    anisha:online_shop
  • CVE-2025-0176

    Severity
    MEDIUM

    A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/add_cart.php. The manipulation of the argument id/qty leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    code-projects:point_of_sales_and_inventory_management_system
  • CVE-2025-22275

    Severity
    CRITICAL

    iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.

    iterm2:iterm2
  • CVE-2025-21609

    Severity
    CRITICAL

    SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19.

    b3log:siyuan