CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-9322
7.5 HIGH

The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via …

Oct 25, 2025
CVE-2025-8416
7.5 HIGH

The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. …

Oct 25, 2025
CVE-2025-4203
7.5 HIGH

The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the get_members() function in all versions up to, and including, …

Oct 25, 2025
CVE-2025-10488
8.1 HIGH

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation …

Oct 25, 2025
CVE-2025-12095
8.8 HIGH

The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due …

Oct 25, 2025
CVE-2025-11238
7.2 HIGH

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 …

Oct 25, 2025
CVE-2025-60954
8.3 HIGH

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak …

Oct 24, 2025
CVE-2025-62716
8.1 HIGH

Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes …

Oct 24, 2025
CVE-2025-60735
7.6 HIGH

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function

Oct 24, 2025
CVE-2025-60731
7.6 HIGH

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function

Oct 24, 2025
CVE-2025-60730
7.6 HIGH

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function

Oct 24, 2025
CVE-2025-60801
8.2 HIGH

jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.

Oct 24, 2025
CVE-2025-60566
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter.

Oct 24, 2025
CVE-2025-60565
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule.

Oct 24, 2025
CVE-2025-60564
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog.

Oct 24, 2025
CVE-2025-60563
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr.

Oct 24, 2025
CVE-2025-60562
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey.

Oct 24, 2025
CVE-2025-60561
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.

Oct 24, 2025
CVE-2025-60559
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.

Oct 24, 2025
CVE-2025-60558
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.

Oct 24, 2025
CVE-2025-60557
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard.

Oct 24, 2025
CVE-2025-60556
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1.

Oct 24, 2025
CVE-2025-60555
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode.

Oct 24, 2025
CVE-2025-60552
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup.

Oct 24, 2025
CVE-2025-60551
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.

Oct 24, 2025
CVE-2025-60550
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.

Oct 24, 2025
CVE-2025-60549
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4.

Oct 24, 2025
CVE-2025-60547
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7.

Oct 24, 2025
CVE-2025-60938
7.5 HIGH

Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. …

Oct 24, 2025
CVE-2025-60572
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork.

Oct 24, 2025
CVE-2025-60571
7.5 HIGH

D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.

Oct 24, 2025
CVE-2025-60570
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.

Oct 24, 2025
CVE-2025-60569
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.

Oct 24, 2025
CVE-2025-60568
7.5 HIGH

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.

Oct 24, 2025
CVE-2025-43994
8.6 HIGH

Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could …

Oct 24, 2025
CVE-2025-11145
7.5 HIGH

Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware …

Oct 24, 2025
CVE-2025-46183
8.2 HIGH

The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may result in …

Oct 24, 2025
CVE-2025-10861
7.5 HIGH

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up …

Oct 24, 2025
CVE-2025-10680
8.8 HIGH

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

Oct 24, 2025
CVE-2025-12028
8.8 HIGH

The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce …

Oct 24, 2025
CVE-2025-11889
7.2 HIGH

The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the …

Oct 24, 2025
CVE-2025-11504
7.5 HIGH

The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This …

Oct 24, 2025
CVE-2025-62868
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue …

Oct 24, 2025
CVE-2025-62254
7.5 HIGH

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update …

Oct 23, 2025
CVE-2025-58429
7.5 HIGH

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService …

Oct 23, 2025
CVE-2025-62688
7.1 HIGH

An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials …

Oct 23, 2025
CVE-2025-62498
8.8 HIGH

A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity …

Oct 23, 2025
CVE-2025-61977
7.0 HIGH

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an …

Oct 23, 2025
CVE-2025-59500
7.7 HIGH

Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

Oct 23, 2025
CVE-2025-59273
7.3 HIGH

Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.

Oct 23, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.