CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-52776
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thanhtungtnt Video List Manager video-list-manager allows Stored XSS.This issue affects Video List Manager: …

Jul 4, 2025
CVE-2025-52718
7.2 HIGH

Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through <= 7.8.2.

Jul 4, 2025
CVE-2025-4414
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File …

Jul 4, 2025
CVE-2025-49870
7.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid …

Jul 4, 2025
CVE-2025-49866
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie …

Jul 4, 2025
CVE-2025-49418
7.2 HIGH

Server-Side Request Forgery (SSRF) vulnerability in TeconceTheme Allmart allmart-core allows Server Side Request Forgery.This issue affects Allmart: from n/a through <= 1.0.0.

Jul 4, 2025
CVE-2025-49274
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awordpresslife Neom Blog neom-blog allows Reflected XSS.This issue affects Neom Blog: from n/a …

Jul 4, 2025
CVE-2025-49247
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Team Showcase team-showcase-cm allows DOM-Based XSS.This issue affects Team Showcase: from n/a …

Jul 4, 2025
CVE-2025-49245
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Testimonials Showcase testimonials-showcase allows Reflected XSS.This issue affects Testimonials Showcase: from n/a …

Jul 4, 2025
CVE-2025-49070
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue …

Jul 4, 2025
CVE-2025-47627
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File …

Jul 4, 2025
CVE-2025-39487
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Rankie valvepress-rankie allows Reflected XSS.This issue affects Rankie: from n/a through <= …

Jul 4, 2025
CVE-2025-32311
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Pressroom pressroom allows Reflected XSS.This issue affects Pressroom: from n/a through <= …

Jul 4, 2025
CVE-2025-32297
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple …

Jul 4, 2025
CVE-2025-31037
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey homey allows Reflected XSS.This issue affects Homey: from n/a through <= …

Jul 4, 2025
CVE-2025-28980
7.7 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal.This issue affects Aviation …

Jul 4, 2025
CVE-2025-28978
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hung Trang Si SB Breadcrumbs sb-breadcrumbs allows Reflected XSS.This issue affects SB Breadcrumbs: …

Jul 4, 2025
CVE-2025-28968
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac WP Wall wp-wall allows Reflected XSS.This issue affects WP Wall: from …

Jul 4, 2025
CVE-2025-24780
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows …

Jul 4, 2025
CVE-2025-24771
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Content Manager Light content-manager-light allows Reflected XSS.This issue affects Content Manager Light: …

Jul 4, 2025
CVE-2025-38176
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in binderfs_evict_inode() Running 'stress-ng --binderfs 16 --timeout 300' under KASAN-enabled kernel, I've …

Jul 4, 2025
CVE-2025-38175
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: binder: fix yet another UAF in binder_devices Commit e77aff5528a18 ("binderfs: fix use-after-free in binder_devices") addressed …

Jul 4, 2025
CVE-2025-5920
7.5 HIGH

The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the …

Jul 4, 2025
CVE-2025-30979
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery pixelating-image-slideshow-gallery allows SQL Injection.This issue affects …

Jul 4, 2025
CVE-2025-30969
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection.This issue affects iFrame …

Jul 4, 2025
CVE-2025-30947
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Cool fade popup cool-fade-popup allows Blind SQL Injection.This issue affects …

Jul 4, 2025
CVE-2025-28969
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cybio Gallery Widget gallery-widget allows SQL Injection.This issue affects Gallery Widget: …

Jul 4, 2025
CVE-2025-28967
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE contact-us-page-contact-people allows …

Jul 4, 2025
CVE-2025-24735
7.7 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chatra Chatra Live Chat + ChatBot + Cart Saver allows Stored XSS. This …

Jul 4, 2025
CVE-2025-53600
7.5 HIGH

Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.

Jul 4, 2025
CVE-2025-32918
8.8 HIGH

Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user …

Jul 4, 2025
CVE-2025-6814
7.5 HIGH

The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions …

Jul 4, 2025
CVE-2025-6783
7.5 HIGH

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc() function in all versions up to, and …

Jul 4, 2025
CVE-2025-6782
7.5 HIGH

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm() function in all versions up to, and …

Jul 4, 2025
CVE-2025-6586
7.2 HIGH

The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dpwap_plugin_locInstall function in all versions …

Jul 4, 2025
CVE-2025-6238
8.0 HIGH

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' …

Jul 4, 2025
CVE-2025-5953
8.8 HIGH

The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions …

Jul 4, 2025
CVE-2025-5322
7.2 HIGH

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and …

Jul 3, 2025
CVE-2025-49826
7.5 HIGH

Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of …

Jul 3, 2025
CVE-2025-53370
8.6 HIGH

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription …

Jul 3, 2025
CVE-2025-53369
8.6 HIGH

Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as …

Jul 3, 2025
CVE-2025-53368
8.6 HIGH

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw …

Jul 3, 2025
CVE-2025-34088
8.8 HIGH

An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands …

Jul 3, 2025
CVE-2025-34087
8.8 HIGH

An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain …

Jul 3, 2025
CVE-2025-34086
8.8 HIGH

Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with …

Jul 3, 2025
CVE-2025-6926
8.8 HIGH

Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from …

Jul 3, 2025
CVE-2025-6073
7.5 HIGH

Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to …

Jul 3, 2025
CVE-2025-6072
7.5 HIGH

Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to …

Jul 3, 2025
CVE-2025-53501
8.8 HIGH

Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto …

Jul 3, 2025
CVE-2025-5961
7.2 HIGH

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in …

Jul 3, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.