36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially …
The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query …
Contributor PHP Object Injection in Avada <= 3.15.3 versions.
A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. …
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions …
In Nfc::eventCallback() of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with …
In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local …
In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of …
In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege …
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from …
In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to …
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation …
Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.
Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.
Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.
Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions.
Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.
Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.
Unauthenticated Local File Inclusion in Spike <= 1.2 versions.
Unauthenticated Local File Inclusion in Eros <= 1.3 versions.
Unauthenticated Local File Inclusion in Choreo <= 1.6 versions.
Unauthenticated Local File Inclusion in WineShop <= 3.17 versions.
Unauthenticated Local File Inclusion in Grecko <= 5.17 versions.
Unauthenticated Local File Inclusion in Snowy <= 1.13 versions.
Unauthenticated Local File Inclusion in Gita <= 1.11 versions.
Unauthenticated Local File Inclusion in Printo <= 1.11 versions.
Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
Unauthenticated Local File Inclusion in Medeus <= 1.14 versions.
Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions.
Unauthenticated Local File Inclusion in Quirky <= 1.23 versions.
Unauthenticated Local File Inclusion in Putter <= 1.17 versions.
Unauthenticated Local File Inclusion in Dom <= 1.24 versions.
Unauthenticated Local File Inclusion in Gat <= 1.16 versions.
Unauthenticated Local File Inclusion in Mission <= 1.22 versions.
Unauthenticated Local File Inclusion in Abelle <= 1.22 versions.
Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.
Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions.
Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.
Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions.
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions.
Unauthenticated Local File Inclusion in Especio <= 1.0 versions.
Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.
Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.
Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions.
Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.
Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions.
Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions.
Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions.
Free website and port scanning — find vulnerabilities before attackers do.