CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-49037
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Federico Rota Authentication and xmlrpc log writer authentication-and-xmlrpc-log-writer allows Reflected XSS.This issue affects …

Aug 14, 2025
CVE-2025-49036
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local …

Aug 14, 2025
CVE-2025-49033
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : …

Aug 14, 2025
CVE-2025-48332
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion.This …

Aug 14, 2025
CVE-2025-47689
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Reflected XSS.This issue affects Video Blogster Lite: …

Aug 14, 2025
CVE-2025-47536
7.2 HIGH

Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through <= 7.0.0.

Aug 14, 2025
CVE-2025-3703
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local …

Aug 14, 2025
CVE-2025-39510
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects Pinterest …

Aug 14, 2025
CVE-2025-32288
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local …

Aug 14, 2025
CVE-2025-31425
7.5 HIGH

Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from …

Aug 14, 2025
CVE-2025-31007
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 billplz-for-contact-form-7 allows Reflected XSS.This issue affects …

Aug 14, 2025
CVE-2025-30998
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection.This issue affects …

Aug 14, 2025
CVE-2025-30639
7.5 HIGH

Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.

Aug 14, 2025
CVE-2025-30635
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro idonate-pro allows PHP Local File Inclusion.This issue …

Aug 14, 2025
CVE-2025-30626
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS.This …

Aug 14, 2025
CVE-2025-29014
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20.

Aug 14, 2025
CVE-2025-28999
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop …

Aug 14, 2025
CVE-2025-28979
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This …

Aug 14, 2025
CVE-2025-28975
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS.This issue affects …

Aug 14, 2025
CVE-2025-25172
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue …

Aug 14, 2025
CVE-2025-24766
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wproyal News Magazine X news-magazine-x allows PHP Local File …

Aug 14, 2025
CVE-2025-8955
7.3 HIGH

A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument …

Aug 14, 2025
CVE-2025-8954
7.3 HIGH

A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization …

Aug 14, 2025
CVE-2025-8953
7.3 HIGH

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The …

Aug 14, 2025
CVE-2025-8952
7.3 HIGH

A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of …

Aug 14, 2025
CVE-2025-54472
7.5 HIGH

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. …

Aug 14, 2025
CVE-2025-48862
7.1 HIGH

Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when …

Aug 14, 2025
CVE-2025-48860
8.0 HIGH

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives …

Aug 14, 2025
CVE-2025-8951
7.3 HIGH

A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the …

Aug 14, 2025
CVE-2025-8950
7.3 HIGH

A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacancy. The manipulation of the …

Aug 14, 2025
CVE-2025-8949
7.2 HIGH

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The …

Aug 14, 2025
CVE-2025-8948
7.3 HIGH

A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid …

Aug 14, 2025
CVE-2025-8947
7.3 HIGH

A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument …

Aug 14, 2025
CVE-2025-8946
7.3 HIGH

A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the …

Aug 14, 2025
CVE-2025-8940
8.8 HIGH

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of …

Aug 14, 2025
CVE-2025-8939
8.8 HIGH

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed …

Aug 14, 2025
CVE-2025-8936
7.3 HIGH

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation …

Aug 14, 2025
CVE-2025-8935
7.3 HIGH

A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation …

Aug 14, 2025
CVE-2025-8932
7.3 HIGH

A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument …

Aug 14, 2025
CVE-2025-55197
7.5 HIGH

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being …

Aug 13, 2025
CVE-2025-8926
7.3 HIGH

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The …

Aug 13, 2025
CVE-2025-43988
7.5 HIGH

KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials.

Aug 13, 2025
CVE-2025-8925
7.3 HIGH

A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument …

Aug 13, 2025
CVE-2025-8924
7.3 HIGH

A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the …

Aug 13, 2025
CVE-2025-8923
7.3 HIGH

A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads …

Aug 13, 2025
CVE-2025-8922
7.3 HIGH

A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads …

Aug 13, 2025
CVE-2025-8921
7.3 HIGH

A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of …

Aug 13, 2025
CVE-2025-8904
8.5 HIGH

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this …

Aug 13, 2025
CVE-2025-8754
7.5 HIGH

Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14.

Aug 13, 2025
CVE-2025-7739
8.7 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to …

Aug 13, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.