CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-6379
8.8 HIGH

The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This …

Jun 28, 2025
CVE-2025-53098
8.1 HIGH

Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the …

Jun 27, 2025
CVE-2025-6777
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the file …

Jun 27, 2025
CVE-2025-6776
7.3 HIGH

A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the …

Jun 27, 2025
CVE-2025-6772
7.3 HIGH

A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. …

Jun 27, 2025
CVE-2025-53093
8.6 HIGH

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert …

Jun 27, 2025
CVE-2025-6521
7.6 HIGH

During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption …

Jun 27, 2025
CVE-2025-44557
8.1 HIGH

A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication …

Jun 27, 2025
CVE-2025-53339
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in devnex Devnex Addons For Elementor devnex-addons-for-elementor allows PHP Local …

Jun 27, 2025
CVE-2025-53338
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in dor re.place replace allows Stored XSS.This issue affects re.place: from n/a through <= 0.2.1.

Jun 27, 2025
CVE-2025-53332
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything track-everything allows Stored XSS.This issue affects Track Everything: from n/a through <= 2.0.1.

Jun 27, 2025
CVE-2025-53331
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest rss-digest allows Stored XSS.This issue affects RSS Digest: from n/a through <= 1.5.

Jun 27, 2025
CVE-2025-53329
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in szajenw Społecznościowa 6 PL 2013 spolecznosciowa-6-pl-2013 allows Stored XSS.This issue affects Społecznościowa 6 PL 2013: from n/a through <= …

Jun 27, 2025
CVE-2025-53317
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in AcmeeDesign WPShapere - WordPress admin theme wpshapere-lite allows Stored XSS.This issue affects WPShapere - WordPress admin theme: from n/a …

Jun 27, 2025
CVE-2025-53315
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload relocate-upload allows Stored XSS.This issue affects Relocate Upload: from n/a through <= 0.24.1.

Jun 27, 2025
CVE-2025-53313
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite twitch-tv-embed-suite allows Stored XSS.This issue affects Twitch TV Embed Suite: from n/a through <= …

Jun 27, 2025
CVE-2025-53312
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz onionbuzz-viral-quiz allows Stored XSS.This issue affects OnionBuzz: from n/a through <= 1.0.7.

Jun 27, 2025
CVE-2025-53311
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe navayan-subscribe allows Stored XSS.This issue affects Navayan Subscribe: from n/a through <= 1.13.

Jun 27, 2025
CVE-2025-53310
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Funnnny HidePost hidepost allows Reflected XSS.This issue affects HidePost: from n/a through <= 2.3.8.

Jun 27, 2025
CVE-2025-53308
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description image-slider-with-description allows Stored XSS.This issue affects Image Slider With Description: from n/a through <= …

Jun 27, 2025
CVE-2025-53306
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in lucidcrew WP Forum Server forum-server allows SQL Injection.This issue affects WP …

Jun 27, 2025
CVE-2025-53305
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server forum-server allows Stored XSS.This issue affects WP Forum Server: from n/a through <= 1.8.2.

Jun 27, 2025
CVE-2025-53281
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPBean WPB Category Slider for WooCommerce wpb-woocommerce-category-slider allows PHP …

Jun 27, 2025
CVE-2025-53277
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software IS-theme-companion weblizar-companion allows Object Injection.This issue affects IS-theme-companion: from n/a through <= 1.59.

Jun 27, 2025
CVE-2025-53274
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator wp-permalink-translator allows Stored XSS.This issue affects WP Permalink Translator: from n/a through <= 1.7.6.

Jun 27, 2025
CVE-2025-53271
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Anton Bond Additional Order Filters for WooCommerce additional-order-filters-for-woocommerce allows Stored XSS.This issue affects Additional Order Filters for WooCommerce: from …

Jun 27, 2025
CVE-2025-53259
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This …

Jun 27, 2025
CVE-2025-53258
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection.This issue affects Hover Effects: …

Jun 27, 2025
CVE-2025-53257
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Serhii Pasyuk Gmedia Photo Gallery grand-media allows PHP Local …

Jun 27, 2025
CVE-2025-53256
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows SQL Injection.This issue affects YaySMTP: from n/a …

Jun 27, 2025
CVE-2025-50528
7.3 HIGH

A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter.

Jun 27, 2025
CVE-2025-36595
7.2 HIGH

Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker …

Jun 27, 2025
CVE-2025-6763
8.1 HIGH

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some …

Jun 27, 2025
CVE-2025-52827
8.8 HIGH

Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3.

Jun 27, 2025
CVE-2025-52826
8.8 HIGH

Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3.

Jun 27, 2025
CVE-2025-52824
8.8 HIGH

Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through …

Jun 27, 2025
CVE-2025-52818
8.2 HIGH

Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= …

Jun 27, 2025
CVE-2025-52817
8.2 HIGH

Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from …

Jun 27, 2025
CVE-2025-52816
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-52815
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov citygov allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-52814
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-52812
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo domnoo allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-52811
8.1 HIGH

Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile …

Jun 27, 2025
CVE-2025-52810
8.1 HIGH

Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1.

Jun 27, 2025
CVE-2025-52809
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP …

Jun 27, 2025
CVE-2025-52808
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite realtyelite allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-52799
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS lms allows Reflected XSS.This issue affects LMS: from n/a through <= …

Jun 27, 2025
CVE-2025-52778
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS.This issue affects xili-dictionary: from …

Jun 27, 2025
CVE-2025-52774
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a …

Jun 27, 2025
CVE-2025-52729
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue …

Jun 27, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.