Export limit exceeded: 339793 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (339793 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-34250 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34219 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34214 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34213 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34170 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34169 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34168 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34167 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34166 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34145 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34144 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34137 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34131 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34122 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34094 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-67436 1 Pluxml 1 Pluxml 2026-01-02 6.5 Medium
Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).
CVE-2025-67442 1 Eve-ng 1 Eve-ng 2026-01-02 7.6 High
EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users.
CVE-2025-67443 1 Schlix 1 Cms 2026-01-02 6.1 Medium
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.
CVE-2025-68115 2 Parse Community, Parseplatform 2 Parse Server, Parse-server 2026-01-02 6.1 Medium
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available in versions 8.6.1 and 9.1.0-alpha.3, escapes user controlled values that are inserted into the HTML pages. No known workarounds are available.
CVE-2025-68116 1 Filerise 1 Filerise 2026-01-02 8.9 High
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG (primary) or HTML (secondary) file stored in a FileRise instance can cause JavaScript execution when a victim opens a generated share link (and in some cases via the direct download endpoint). This impacts share links (`/api/file/share.php`) and direct file access / download path (`/api/file/download.php`), depending on browser/content-type behavior. Version 2.7.1 fixes the issue.