CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-52727
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables css3_vertical_web_pricing_tables allows Reflected XSS.This issue affects CSS3 …

Jun 27, 2025
CVE-2025-52726
8.6 HIGH

Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0.

Jun 27, 2025
CVE-2025-52723
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker networker allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-50052
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Counter flexo-countdown allows Reflected XSS.This issue affects Flexo Counter: from n/a …

Jun 27, 2025
CVE-2025-49886
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab Zikzag Core zikzag-core allows PHP Local File Inclusion.This …

Jun 27, 2025
CVE-2025-49883
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-49448
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW …

Jun 27, 2025
CVE-2025-49423
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Tahir Ali Jan Bulk YouTube Post Creator bulk-youtube-post-creator allows Reflected XSS.This issue …

Jun 27, 2025
CVE-2025-49416
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fastw3b LLC FW Gallery fw-gallery allows PHP Local File …

Jun 27, 2025
CVE-2025-49321
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through <= …

Jun 27, 2025
CVE-2025-49290
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Reflected XSS.This issue affects …

Jun 27, 2025
CVE-2025-47654
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects …

Jun 27, 2025
CVE-2025-47574
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a …

Jun 27, 2025
CVE-2025-45851
7.5 HIGH

An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the …

Jun 27, 2025
CVE-2025-39488
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne magone allows Reflected XSS.This issue affects MagOne: from n/a through <= …

Jun 27, 2025
CVE-2025-39478
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a …

Jun 27, 2025
CVE-2025-32298
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-31428
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through <= …

Jun 27, 2025
CVE-2025-31067
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a …

Jun 27, 2025
CVE-2025-30992
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-30972
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify woo-line-notify allows Stored XSS.This issue affects Woocommerce Line Notify: …

Jun 27, 2025
CVE-2025-28998
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in serpednet SERPed.net serped-net allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-28993
8.6 HIGH

Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Mortellaro Content No Cache content-no-cache allows Code Injection.This issue affects Content No Cache: from …

Jun 27, 2025
CVE-2025-28990
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky snsvicky allows PHP Local File Inclusion.This …

Jun 27, 2025
CVE-2025-28988
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Reflected XSS.This issue …

Jun 27, 2025
CVE-2025-28960
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine evangtermine allows Reflected XSS.This issue affects Evangelische Termine: from n/a …

Jun 27, 2025
CVE-2025-28956
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp backwp allows Reflected XSS.This issue affects Backwp: from n/a through <= …

Jun 27, 2025
CVE-2025-28947
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme MBStore - Digital WooCommerce WordPress Theme mbstore allows …

Jun 27, 2025
CVE-2025-28946
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme PrintXtore bw-printxtore allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-27361
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google photo-express-for-google allows Reflected XSS.This issue affects Photo Express …

Jun 27, 2025
CVE-2025-25173
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Stored XSS.This issue affects FastBook: from n/a through <= …

Jun 27, 2025
CVE-2025-25171
8.8 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through …

Jun 27, 2025
CVE-2025-24774
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce wpcrm allows Reflected …

Jun 27, 2025
CVE-2025-24769
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny bw-zenny allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-24765
7.7 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RobMarsh Image Shadow image-shadow allows Path Traversal.This issue affects Image Shadow: from …

Jun 27, 2025
CVE-2025-24760
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Sofass sofass allows PHP Local File Inclusion.This issue …

Jun 27, 2025
CVE-2025-23973
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugudlabs SpecFit-Virtual Try On Woocommerce try-on-for-woocommerce allows Stored XSS.This issue affects SpecFit-Virtual Try …

Jun 27, 2025
CVE-2023-25998
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme …

Jun 27, 2025
CVE-2025-6761
7.3 HIGH

A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of …

Jun 27, 2025
CVE-2025-2940
7.2 HIGH

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 …

Jun 27, 2025
CVE-2025-36529
7.2 HIGH

An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command …

Jun 27, 2025
CVE-2025-6752
8.8 HIGH

A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService …

Jun 27, 2025
CVE-2025-6751
8.8 HIGH

A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of …

Jun 27, 2025
CVE-2025-6734
8.8 HIGH

A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the …

Jun 26, 2025
CVE-2025-6733
8.8 HIGH

A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the …

Jun 26, 2025
CVE-2025-6732
8.8 HIGH

A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file …

Jun 26, 2025
CVE-2014-6274
7.5 HIGH

git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS …

Jun 26, 2025
CVE-2025-52904
8.0 HIGH

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In …

Jun 26, 2025
CVE-2025-52903
8.0 HIGH

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In …

Jun 26, 2025
CVE-2025-52477
8.6 HIGH

Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated …

Jun 26, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.