CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-49031
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefan M. SMu Manual DoFollow manuall-dofollow allows Reflected XSS.This issue affects SMu Manual …

Jul 16, 2025
CVE-2025-48345
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft Contact Form 7 Editor Button cf7-editor-button allows Reflected XSS.This issue affects Contact …

Jul 16, 2025
CVE-2025-48291
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Stored XSS.This issue affects …

Jul 16, 2025
CVE-2025-47652
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a …

Jul 16, 2025
CVE-2025-47645
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic …

Jul 16, 2025
CVE-2025-47554
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress css3_web_pricing_tables_grids allows Reflected XSS.This issue affects …

Jul 16, 2025
CVE-2025-46500
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Reflected XSS.This issue affects Wordpress Auto Spinner: …

Jul 16, 2025
CVE-2025-32574
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: from n/a …

Jul 16, 2025
CVE-2025-31427
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Business Theme invico allows Reflected XSS.This issue affects …

Jul 16, 2025
CVE-2025-31422
8.8 HIGH

Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: …

Jul 16, 2025
CVE-2025-31072
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consulting Theme ofiz allows Reflected XSS.This issue affects …

Jul 16, 2025
CVE-2025-31070
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbg-cleverbakery allows Path …

Jul 16, 2025
CVE-2025-31055
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress electrician allows Reflected XSS.This issue affects Electrician …

Jul 16, 2025
CVE-2025-30955
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy listingeasy allows Reflected XSS.This issue affects ListingEasy: from n/a through <= …

Jul 16, 2025
CVE-2025-29000
7.5 HIGH

Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Multi-language Responsive Contact Form: …

Jul 16, 2025
CVE-2025-28965
8.6 HIGH

Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects URL Shortener: from n/a …

Jul 16, 2025
CVE-2025-28955
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FWDesign Easy Video Player Wordpress & WooCommerce fwdevp allows Path Traversal.This issue …

Jul 16, 2025
CVE-2025-24779
8.8 HIGH

Deserialization of Untrusted Data vulnerability in NooTheme Yogi yogi allows Object Injection.This issue affects Yogi: from n/a through < 2.9.3.

Jul 16, 2025
CVE-2025-24777
8.8 HIGH

Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7.

Jul 16, 2025
CVE-2025-54043
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for Amazon SES smtp-amazon-ses allows SQL Injection.This issue affects …

Jul 16, 2025
CVE-2025-54026
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes gymbase_classes allows SQL Injection.This issue affects GymBase …

Jul 16, 2025
CVE-2025-53990
7.2 HIGH

Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Object Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.1.2.

Jul 16, 2025
CVE-2025-48301
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP smtp-sendgrid allows SQL Injection.This issue …

Jul 16, 2025
CVE-2025-48299
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra yayextra allows SQL Injection.This issue affects YayExtra: from n/a …

Jul 16, 2025
CVE-2025-48161
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP smtp-sendinblue allows SQL Injection.This issue affects YaySMTP: from n/a …

Jul 16, 2025
CVE-2025-48153
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images import-cdn-remote-images allows Stored XSS.This issue affects Import CDN-Remote Images: from n/a through <= 2.1.2.

Jul 16, 2025
CVE-2025-6993
7.5 HIGH

The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to …

Jul 16, 2025
CVE-2025-7359
8.2 HIGH

The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function …

Jul 16, 2025
CVE-2025-6043
8.1 HIGH

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability …

Jul 16, 2025
CVE-2025-52690
8.1 HIGH

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and …

Jul 16, 2025
CVE-2025-2800
7.2 HIGH

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘organizer_name' parameter …

Jul 16, 2025
CVE-2025-53028
8.2 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high …

Jul 15, 2025
CVE-2025-53027
8.2 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high …

Jul 15, 2025
CVE-2025-53024
8.2 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high …

Jul 15, 2025
CVE-2025-50106
8.1 HIGH

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are …

Jul 15, 2025
CVE-2025-50105
8.1 HIGH

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable …

Jul 15, 2025
CVE-2025-50069
7.7 HIGH

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged …

Jul 15, 2025
CVE-2025-50063
7.3 HIGH

Vulnerability in Oracle Java SE (component: Install). The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker …

Jul 15, 2025
CVE-2025-50062
8.1 HIGH

Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.51 …

Jul 15, 2025
CVE-2025-50060
8.1 HIGH

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable …

Jul 15, 2025
CVE-2025-50059
8.6 HIGH

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are …

Jul 15, 2025
CVE-2025-49828
8.8 HIGH

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 …

Jul 15, 2025
CVE-2025-30762
7.5 HIGH

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable …

Jul 15, 2025
CVE-2025-30751
8.8 HIGH

Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged …

Jul 15, 2025
CVE-2025-30749
8.1 HIGH

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are …

Jul 15, 2025
CVE-2025-30744
8.1 HIGH

Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Multiplatform Sync Errors). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable …

Jul 15, 2025
CVE-2025-30743
8.1 HIGH

Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Internal Operations). The supported version that is affected is 12.2.13. Easily …

Jul 15, 2025
CVE-2025-41239
7.1 HIGH

VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor …

Jul 15, 2025
CVE-2025-7657
8.8 HIGH

Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jul 15, 2025
CVE-2025-7656
8.8 HIGH

Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Jul 15, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.