CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-0247
9.8 CRITICAL

Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough …

Jan 7, 2025
CVE-2024-55556
9.8 CRITICAL

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the …

Jan 7, 2025
CVE-2024-56290
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows SQL …

Jan 7, 2025
CVE-2024-56284
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows SQL Injection.This issue affects …

Jan 7, 2025
CVE-2024-56278
9.1 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate …

Jan 7, 2025
CVE-2024-49649
9.8 CRITICAL

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File …

Jan 7, 2025
CVE-2024-49222
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Object Injection.This issue affects WPGuppy: from n/a through <= 1.1.0.

Jan 7, 2025
CVE-2024-43243
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in themeglow JobBoard Job listing job-board-light allows Upload a Web Shell to a Web Server.This issue affects …

Jan 7, 2025
CVE-2024-8855
9.8 CRITICAL

The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and …

Jan 7, 2025
CVE-2024-12470
9.8 CRITICAL

The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due …

Jan 7, 2025
CVE-2024-12264
9.8 CRITICAL

The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token …

Jan 7, 2025
CVE-2024-12252
9.8 CRITICAL

The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in …

Jan 7, 2025
CVE-2024-12402
9.8 CRITICAL

The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in …

Jan 7, 2025
CVE-2024-53932
9.1 CRITICAL

The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user …

Jan 6, 2025
CVE-2024-53931
9.1 CRITICAL

The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user …

Jan 6, 2025
CVE-2024-56828
9.8 CRITICAL

File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as …

Jan 6, 2025
CVE-2024-55529
9.8 CRITICAL

Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.

Jan 6, 2025
CVE-2024-54880
9.1 CRITICAL

SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in …

Jan 6, 2025
CVE-2024-54879
9.1 CRITICAL

SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.

Jan 6, 2025
CVE-2024-46622
9.8 CRITICAL

An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before …

Jan 6, 2025
CVE-2025-21613
9.8 CRITICAL

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful …

Jan 6, 2025
CVE-2024-5594
9.1 CRITICAL

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in …

Jan 6, 2025
CVE-2024-20148
9.8 CRITICAL

In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution …

Jan 6, 2025
CVE-2024-12583
9.9 CRITICAL

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 …

Jan 4, 2025
CVE-2025-21609
9.1 CRITICAL

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST …

Jan 3, 2025
CVE-2024-55507
9.8 CRITICAL

An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component.

Jan 3, 2025
CVE-2024-55078
9.8 CRITICAL

An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file.

Jan 3, 2025
CVE-2024-9140
9.8 CRITICAL

Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly …

Jan 3, 2025
CVE-2025-22275
9.3 CRITICAL

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur …

Jan 3, 2025
CVE-2024-53842
9.8 CRITICAL

In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution …

Jan 3, 2025
CVE-2024-56249
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: …

Jan 2, 2025
CVE-2024-56829
10.0 CRITICAL

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a …

Jan 2, 2025
CVE-2024-56066
9.8 CRITICAL

Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through <= 1.0.23.

Dec 31, 2024
CVE-2024-56045
9.3 CRITICAL

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.

Dec 31, 2024
CVE-2024-56044
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9.

Dec 31, 2024
CVE-2024-56043
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9.

Dec 31, 2024
CVE-2024-56040
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP: from n/a through <= 1.9.9.4.1.

Dec 31, 2024
CVE-2024-56205
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.This issue affects AI Magic: from n/a through <= 1.0.4.

Dec 31, 2024
CVE-2024-56071
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through <= 2.0.

Dec 31, 2024
CVE-2024-56064
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP …

Dec 31, 2024
CVE-2024-56046
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from …

Dec 31, 2024
CVE-2024-56042
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a …

Dec 31, 2024
CVE-2024-56039
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a …

Dec 31, 2024
CVE-2024-13061
9.8 CRITICAL

The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used …

Dec 31, 2024
CVE-2024-12108
9.6 CRITICAL

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.

Dec 31, 2024
CVE-2024-12106
9.4 CRITICAL

In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.

Dec 31, 2024
CVE-2024-56220
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation.This issue affects SSL Wireless SMS Notification: from n/a through <= 3.6.0.

Dec 31, 2024
CVE-2024-11972
9.8 CRITICAL

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion …

Dec 31, 2024
CVE-2024-56801
9.8 CRITICAL

Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability.

Dec 30, 2024
CVE-2024-56799
10.0 CRITICAL

Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, …

Dec 30, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.