CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-49438
8.1 HIGH

Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3.

Aug 20, 2025
CVE-2025-49436
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Anotte anotte-wp allows PHP Local File Inclusion.This issue …

Aug 20, 2025
CVE-2025-49428
7.5 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a …

Aug 20, 2025
CVE-2025-49426
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dahz Kitring kitring allows PHP Local File Inclusion.This issue …

Aug 20, 2025
CVE-2025-49424
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Support Ticket support-ticket allows Reflected XSS.This issue affects Support Ticket: from n/a …

Aug 20, 2025
CVE-2025-49420
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Reflected XSS.This issue affects Ultra Portfolio: from n/a …

Aug 20, 2025
CVE-2025-49413
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp allows Reflected XSS.This issue affects Super Store Finder: …

Aug 20, 2025
CVE-2025-49411
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from …

Aug 20, 2025
CVE-2025-49406
8.5 HIGH

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.

Aug 20, 2025
CVE-2025-49399
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3.

Aug 20, 2025
CVE-2025-49382
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla allows Privilege Escalation.This issue affects JobZilla - Job Board WordPress Theme: …

Aug 20, 2025
CVE-2025-48302
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue …

Aug 20, 2025
CVE-2025-48298
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local …

Aug 20, 2025
CVE-2025-48297
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS.This issue affects Simple Link Directory: …

Aug 20, 2025
CVE-2025-48296
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore upstore allows Reflected XSS.This issue affects UpStore: from n/a through <= …

Aug 20, 2025
CVE-2025-48171
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This …

Aug 20, 2025
CVE-2025-48170
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-addon-visual-composer allows Reflected …

Aug 20, 2025
CVE-2025-48168
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allows Reflected XSS.This …

Aug 20, 2025
CVE-2025-48165
8.8 HIGH

Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through <= 2.6.0.

Aug 20, 2025
CVE-2025-48164
8.8 HIGH

Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation.This issue affects SureDash: from n/a through <= 1.0.3.

Aug 20, 2025
CVE-2025-48163
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support …

Aug 20, 2025
CVE-2025-48162
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Reflected XSS.This issue affects Simple Business …

Aug 20, 2025
CVE-2025-48160
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris caliris-wp allows PHP Local File Inclusion.This issue …

Aug 20, 2025
CVE-2025-48159
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin video-player-youtube-vimeo allows Reflected XSS.This …

Aug 20, 2025
CVE-2025-48158
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal.This issue …

Aug 20, 2025
CVE-2025-48157
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This …

Aug 20, 2025
CVE-2025-48154
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS.This …

Aug 20, 2025
CVE-2025-48152
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst rentsyst allows Reflected XSS.This issue affects Rentsyst: from n/a through <= …

Aug 20, 2025
CVE-2025-48151
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects CM Map Locations: …

Aug 20, 2025
CVE-2025-48149
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue …

Aug 20, 2025
CVE-2025-48142
8.8 HIGH

Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify bookify allows Privilege Escalation.This issue affects Bookify: from n/a through <= 1.0.9.

Aug 20, 2025
CVE-2025-30975
7.5 HIGH

Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection.This issue affects Add Custom Codes: from n/a …

Aug 20, 2025
CVE-2025-28977
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a …

Aug 20, 2025
CVE-2025-57790
8.8 HIGH

A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead …

Aug 20, 2025
CVE-2025-8289
7.5 HIGH

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization …

Aug 20, 2025
CVE-2025-8145
8.8 HIGH

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization …

Aug 20, 2025
CVE-2025-8141
8.8 HIGH

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function …

Aug 20, 2025
CVE-2025-9132
8.8 HIGH

Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML …

Aug 20, 2025
CVE-2025-9185
8.1 HIGH

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. …

Aug 19, 2025
CVE-2025-9184
8.1 HIGH

Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption …

Aug 19, 2025
CVE-2025-9182
7.5 HIGH

Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.

Aug 19, 2025
CVE-2025-9180
8.1 HIGH

Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird …

Aug 19, 2025
CVE-2025-55029
7.5 HIGH

Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for …

Aug 19, 2025
CVE-2025-9156
7.3 HIGH

A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the …

Aug 19, 2025
CVE-2025-9155
7.3 HIGH

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forget_password.php. Such manipulation …

Aug 19, 2025
CVE-2025-9154
7.3 HIGH

A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This …

Aug 19, 2025
CVE-2025-50891
7.2 HIGH

The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does …

Aug 19, 2025
CVE-2025-9150
7.3 HIGH

A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID …

Aug 19, 2025
CVE-2025-8450
8.2 HIGH

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.

Aug 19, 2025
CVE-2025-52478
8.7 HIGH

n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form …

Aug 19, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.