CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-58676
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER horizontal-slider allows Stored XSS.This issue affects HORIZONTAL SLIDER: from n/a through <= 2.4.

Sep 22, 2025
CVE-2025-58671
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in morganrichards Auction Feed auction-feed allows Stored XSS.This issue affects Auction Feed: from n/a …

Sep 22, 2025
CVE-2025-58670
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection wp-content-protection allows Stored XSS.This issue affects WP Content Protection: from n/a through <= 1.3.

Sep 22, 2025
CVE-2025-58662
7.2 HIGH

Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support awesome-support allows Object Injection.This issue affects Awesome Support: from n/a through <= 6.3.5.

Sep 22, 2025
CVE-2025-58657
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in EdwardBock Grid grid allows Stored XSS.This issue affects Grid: from n/a through <= 2.3.1.

Sep 22, 2025
CVE-2025-58270
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Cross Site Request Forgery.This issue affects NIX Anti-Spam Light: from n/a …

Sep 22, 2025
CVE-2025-58268
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator wpmk-pdf-generator allows Stored XSS.This issue affects WPMK PDF Generator: from n/a through <= 1.0.1.

Sep 22, 2025
CVE-2025-58267
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message stock-message allows Stored XSS.This issue affects Stock Message: from n/a through <= 1.1.0.

Sep 22, 2025
CVE-2025-58262
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in WPDirectoryKit Sweet Energy Efficiency sweet-energy-efficiency allows Stored XSS.This issue affects Sweet Energy Efficiency: from n/a through <= 1.0.8.

Sep 22, 2025
CVE-2025-58261
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection mavis-https-to-http-redirect allows Stored XSS.This issue affects Mavis HTTPS to HTTP Redirection: …

Sep 22, 2025
CVE-2025-58259
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri nokri allows Cross Site Request Forgery.This issue affects Nokri: from n/a through <= 1.6.4.

Sep 22, 2025
CVE-2025-58250
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo fingo allows Authentication Bypass.This issue affects Findgo: from n/a through <= 1.3.55.

Sep 22, 2025
CVE-2025-58244
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection.This issue affects Constructo: from n/a through <= 4.3.9.

Sep 22, 2025
CVE-2025-58013
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 4.5.0.

Sep 22, 2025
CVE-2025-57977
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery.This issue affects Flexible PDF Invoices …

Sep 22, 2025
CVE-2025-57968
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Reflected XSS.This issue affects VikRestaurants: from n/a through <= …

Sep 22, 2025
CVE-2025-57925
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart Team immonex-kickstart-team allows PHP Local File …

Sep 22, 2025
CVE-2025-57919
7.2 HIGH

Deserialization of Untrusted Data vulnerability in ConveyThis ConveyThis conveythis-translate allows Object Injection.This issue affects ConveyThis: from n/a through <= 269.1.

Sep 22, 2025
CVE-2025-57918
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude linkedinclude allows Stored XSS.This issue affects LinkedInclude: from n/a through <= 3.0.4.

Sep 22, 2025
CVE-2025-57685
8.8 HIGH

The LB-Link routers, including the BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3 models, are vulnerable to unauthorized command injection. …

Sep 22, 2025
CVE-2025-53468
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in [email protected] Wp tabber widget wp-tabber-widget allows SQL Injection.This issue affects Wp …

Sep 22, 2025
CVE-2025-53465
7.2 HIGH

Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector sheetlink allows Object Injection.This issue affects GSheets Connector: from n/a through <= 1.1.1.

Sep 22, 2025
CVE-2025-53450
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP easy-pricing-table-wp allows PHP Local …

Sep 22, 2025
CVE-2025-10811
7.3 HIGH

A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/mod_comments/index.php?view=view. Executing manipulation of the argument …

Sep 22, 2025
CVE-2025-10810
7.3 HIGH

A vulnerability was detected in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/edit_user.php. Performing manipulation of …

Sep 22, 2025
CVE-2025-59420
7.5 HIGH

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical …

Sep 22, 2025
CVE-2025-57440
7.5 HIGH

The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting …

Sep 22, 2025
CVE-2025-57439
8.8 HIGH

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into …

Sep 22, 2025
CVE-2025-55888
7.3 HIGH

Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript …

Sep 22, 2025
CVE-2025-43953
8.8 HIGH

In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on …

Sep 22, 2025
CVE-2025-10809
7.3 HIGH

A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. The affected element is an unknown function of the file /admin/department.php. Such …

Sep 22, 2025
CVE-2025-10808
7.3 HIGH

A weakness has been identified in Campcodes Farm Management System 1.0. Impacted is an unknown function of the file /uploadProduct.php. This manipulation of the argument …

Sep 22, 2025
CVE-2025-59335
7.1 HIGH

CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration following a user's password change. This oversight …

Sep 22, 2025
CVE-2025-57434
8.8 HIGH

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox …

Sep 22, 2025
CVE-2025-57431
8.8 HIGH

The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails …

Sep 22, 2025
CVE-2025-57605
8.8 HIGH

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins …

Sep 22, 2025
CVE-2025-57430
7.5 HIGH

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, …

Sep 22, 2025
CVE-2025-36202
7.5 HIGH

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper …

Sep 22, 2025
CVE-2025-35041
7.5 HIGH

Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials …

Sep 22, 2025
CVE-2025-10803
8.8 HIGH

A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the …

Sep 22, 2025
CVE-2025-10802
7.3 HIGH

A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument …

Sep 22, 2025
CVE-2025-51006
7.8 HIGH

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the …

Sep 22, 2025
CVE-2025-10801
7.3 HIGH

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/edit_tax.php. The manipulation of …

Sep 22, 2025
CVE-2025-10800
7.3 HIGH

A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of …

Sep 22, 2025
CVE-2025-10854
8.1 HIGH

The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by …

Sep 22, 2025
CVE-2025-10799
7.3 HIGH

A security flaw has been discovered in code-projects Hostel Management System 1.0. The affected element is an unknown function of the file /justines/admin/mod_reservation/index.php?view=view. Performing manipulation …

Sep 22, 2025
CVE-2025-10798
7.3 HIGH

A vulnerability was identified in code-projects Hostel Management System 1.0. Impacted is an unknown function of the file /justines/admin/mod_roomtype/index.php?view=view. Such manipulation of the argument ID …

Sep 22, 2025
CVE-2025-10797
7.3 HIGH

A vulnerability was determined in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /justines/index.php. This manipulation of the argument …

Sep 22, 2025
CVE-2025-10796
7.3 HIGH

A vulnerability was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /justines/admin/login.php. The manipulation of the argument email …

Sep 22, 2025
CVE-2025-10795
7.3 HIGH

A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument …

Sep 22, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.