36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Digiqole digiqole allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Sailing sailing allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Opal_WP ekommart ekommart allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster Elementor Addon jobmonster-addon allows PHP Local File …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Exhibz exhibz allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Select Core select-core allows PHP Local File Inclusion.This …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection.This issue affects …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection.This issue affects Ninja …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Blind SQL Injection.This issue affects …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Blind SQL Injection.This issue affects ArtPlacer …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue …
Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which …
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear …
matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values …
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows PHP Local File …
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North - Required Plugin north-plugin allows PHP Local …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows SQL Injection.This issue affects Image&Video …
Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of …
Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1.
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.
Cross-Site Request Forgery (CSRF) vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through …
Cross-Site Request Forgery (CSRF) vulnerability in Jupitercow WP sIFR wp-sifr allows Stored XSS.This issue affects WP sIFR: from n/a through <= 0.6.8.1.
Cross-Site Request Forgery (CSRF) vulnerability in Alex Furr PDF Creator Lite pdf-creator-lite allows Stored XSS.This issue affects PDF Creator Lite: from n/a through <= 1.2.
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access …
SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption …
Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single …
SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to …
An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by …
An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by …
An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by …
An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by …
An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by …
An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to …
An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to …
An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to …
An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to …
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow …
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application do not properly validate input parameters in its REST …
Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated …
A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), JT Bi-Directional Translator for STEP (All versions), …
A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX …
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption …
Free website and port scanning — find vulnerabilities before attackers do.