36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This …
Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through <= 1.3.7.
Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8.
CWE-434 Unrestricted Upload of File with Dangerous Type
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP cookiehint-wp allows PHP Local File …
Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.
An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads …
Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is …
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in councilsoft Content Grid Slider content-grid-slider allows Reflected XSS.This issue affects Content Grid Slider: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce CedCommerce Integration for Good Market ced-good-market-integration allows PHP …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect invelity-sps-connect allows Reflected XSS.This issue affects Invelity SPS connect: …
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the …
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url …
A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the …
A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument …
A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such …
A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This …
A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument …
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of …
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the …
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing …
A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. …
BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based …
A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The …
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files.
A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The …
Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 3.0.1
Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse, Session Credential Falsification through Manipulation.This issue affects Web Fax: from 3.0 before 3.0.1
The Plugin Organizer WordPress plugin before 10.2.4 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers to perform …
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID …
A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument …
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument …
A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation …
A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page …
A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument …
Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server.This issue affects Innorix WP …
A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing a manipulation of the …
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results …
A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads …
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted …
Free website and port scanning — find vulnerabilities before attackers do.