CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-6079
8.8 HIGH

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file …

Aug 16, 2025
CVE-2025-3671
8.8 HIGH

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via …

Aug 16, 2025
CVE-2024-12612
7.5 HIGH

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up …

Aug 16, 2025
CVE-2025-55284
7.5 HIGH

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and …

Aug 16, 2025
CVE-2025-8959
7.5 HIGH

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as …

Aug 15, 2025
CVE-2025-8675
8.8 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before …

Aug 15, 2025
CVE-2025-8361
7.6 HIGH

Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0.

Aug 15, 2025
CVE-2025-8092
7.6 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: …

Aug 15, 2025
CVE-2025-49898
7.6 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS.This issue affects Dropshix: from n/a through 4.0.14.

Aug 15, 2025
CVE-2025-49897
8.8 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. This …

Aug 15, 2025
CVE-2025-5048
7.8 HIGH

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability …

Aug 15, 2025
CVE-2025-5047
7.8 HIGH

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause …

Aug 15, 2025
CVE-2025-5046
7.8 HIGH

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability …

Aug 15, 2025
CVE-2025-24975
7.1 HIGH

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If …

Aug 15, 2025
CVE-2025-9053
7.3 HIGH

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument …

Aug 15, 2025
CVE-2025-9052
7.3 HIGH

A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 …

Aug 15, 2025
CVE-2025-9051
7.3 HIGH

A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of …

Aug 15, 2025
CVE-2025-9050
7.3 HIGH

A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation of …

Aug 15, 2025
CVE-2025-1929
7.2 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi …

Aug 15, 2025
CVE-2025-9047
7.3 HIGH

A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument …

Aug 15, 2025
CVE-2025-9046
8.8 HIGH

A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads …

Aug 15, 2025
CVE-2025-9028
7.3 HIGH

A flaw has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /adphar.php. Executing manipulation of the argument …

Aug 15, 2025
CVE-2025-9027
7.3 HIGH

A vulnerability has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /addelivery.php. The manipulation of the argument …

Aug 15, 2025
CVE-2025-9026
7.3 HIGH

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The …

Aug 15, 2025
CVE-2025-9024
7.3 HIGH

A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation …

Aug 15, 2025
CVE-2025-9023
8.8 HIGH

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument …

Aug 15, 2025
CVE-2025-7650
7.5 HIGH

The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This …

Aug 15, 2025
CVE-2025-7641
7.5 HIGH

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint …

Aug 15, 2025
CVE-2025-9022
7.3 HIGH

A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation …

Aug 15, 2025
CVE-2025-9021
7.3 HIGH

A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of …

Aug 15, 2025
CVE-2025-9016
7.0 HIGH

A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell …

Aug 15, 2025
CVE-2025-9013
7.3 HIGH

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the …

Aug 15, 2025
CVE-2025-9012
7.3 HIGH

A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the argument …

Aug 15, 2025
CVE-2025-9011
7.3 HIGH

A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation …

Aug 15, 2025
CVE-2025-9010
7.3 HIGH

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_report.php. …

Aug 15, 2025
CVE-2025-9009
7.3 HIGH

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation …

Aug 15, 2025
CVE-2025-9008
7.3 HIGH

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/sms_setting.php. The manipulation …

Aug 15, 2025
CVE-2025-9007
8.8 HIGH

A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to …

Aug 15, 2025
CVE-2025-9006
8.8 HIGH

A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer …

Aug 15, 2025
CVE-2025-9002
7.3 HIGH

A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to …

Aug 15, 2025
CVE-2025-8342
8.1 HIGH

The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the …

Aug 15, 2025
CVE-2025-6025
7.5 HIGH

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is …

Aug 15, 2025
CVE-2025-9000
7.0 HIGH

A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. …

Aug 15, 2025
CVE-2025-8993
7.3 HIGH

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of …

Aug 15, 2025
CVE-2025-8990
7.3 HIGH

A vulnerability was determined in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /browsemdcn.php. The manipulation of the argument Search …

Aug 15, 2025
CVE-2025-8989
7.3 HIGH

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. This issue affects some unknown processing of the file /edit-phlebotomist.php. The manipulation of …

Aug 15, 2025
CVE-2025-8988
7.3 HIGH

A vulnerability has been found in SourceCodester COVID 19 Testing Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipulation of …

Aug 14, 2025
CVE-2025-8987
7.3 HIGH

A vulnerability was identified in SourceCodester COVID 19 Testing Management System 1.0. This affects an unknown part of the file /test-details.php. The manipulation of the …

Aug 14, 2025
CVE-2025-8986
7.3 HIGH

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /search-report-result.php. The …

Aug 14, 2025
CVE-2025-8985
7.3 HIGH

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The …

Aug 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.