36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by …
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions.
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist …
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any …
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site …
ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to …
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue …
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
Free website and port scanning — find vulnerabilities before attackers do.