46976+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the …
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The framework uses torch.load() to load model weight files …
A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component …
A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation …
Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4. pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is …
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and api_url preferences were passed to …
Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned …
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can …
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items …
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages …
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form …
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit …
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit …
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered …
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user (EX: Content Editor with only pages.update permissions) can bypass the existing Twig sandbox …
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to …
docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.
docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.
docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application.
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …
A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. …
A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation …
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation …
Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended …
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability …
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged …
The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission …
In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into …
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An …
The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of …
The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:[email protected]:9200`), wrote the full host URL — including the embedded …
The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:[email protected]:9200`), wrote the full host URL — including the embedded …
WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a …
Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection …
A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function do_directory of the file cramfsck.c of the component Directory …
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. It …
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command …
A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command …
A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead …
A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf_nsmf_handle_create_sm_context of the component SMF. Performing a manipulation results in denial of …
A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI_list_create of the component SMF. Such manipulation leads to denial …
A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of …
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results …
Free website and port scanning — find vulnerabilities before attackers do.