37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Anotte anotte-wp allows PHP Local File Inclusion.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dahz Kitring kitring allows PHP Local File Inclusion.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Support Ticket support-ticket allows Reflected XSS.This issue affects Support Ticket: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Reflected XSS.This issue affects Ultra Portfolio: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp allows Reflected XSS.This issue affects Super Store Finder: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from …
Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3.
Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla allows Privilege Escalation.This issue affects JobZilla - Job Board WordPress Theme: …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS.This issue affects Simple Link Directory: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore upstore allows Reflected XSS.This issue affects UpStore: from n/a through <= …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-addon-visual-composer allows Reflected …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allows Reflected XSS.This …
Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through <= 2.6.0.
Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation.This issue affects SureDash: from n/a through <= 1.0.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Reflected XSS.This issue affects Simple Business …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris caliris-wp allows PHP Local File Inclusion.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin video-player-youtube-vimeo allows Reflected XSS.This …
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS.This …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst rentsyst allows Reflected XSS.This issue affects Rentsyst: from n/a through <= …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects CM Map Locations: …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue …
Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify bookify allows Privilege Escalation.This issue affects Bookify: from n/a through <= 1.0.9.
Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection.This issue affects Add Custom Codes: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a …
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead …
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization …
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization …
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function …
Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML …
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. …
Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption …
Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.
Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird …
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for …
A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the …
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forget_password.php. Such manipulation …
A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This …
The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does …
A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID …
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.
n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form …
Free website and port scanning — find vulnerabilities before attackers do.