37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables css3_vertical_web_pricing_tables allows Reflected XSS.This issue affects CSS3 …
Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker networker allows PHP Local File Inclusion.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Counter flexo-countdown allows Reflected XSS.This issue affects Flexo Counter: from n/a …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab Zikzag Core zikzag-core allows PHP Local File Inclusion.This …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue …
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Tahir Ali Jan Bulk YouTube Post Creator bulk-youtube-post-creator allows Reflected XSS.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fastw3b LLC FW Gallery fw-gallery allows PHP Local File …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through <= …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Reflected XSS.This issue affects …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a …
An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne magone allows Reflected XSS.This issue affects MagOne: from n/a through <= …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through <= …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify woo-line-notify allows Stored XSS.This issue affects Woocommerce Line Notify: …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in serpednet SERPed.net serped-net allows PHP Local File Inclusion.This issue …
Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Mortellaro Content No Cache content-no-cache allows Code Injection.This issue affects Content No Cache: from …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky snsvicky allows PHP Local File Inclusion.This …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Reflected XSS.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine evangtermine allows Reflected XSS.This issue affects Evangelische Termine: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp backwp allows Reflected XSS.This issue affects Backwp: from n/a through <= …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme MBStore - Digital WooCommerce WordPress Theme mbstore allows …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme PrintXtore bw-printxtore allows PHP Local File Inclusion.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google photo-express-for-google allows Reflected XSS.This issue affects Photo Express …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Stored XSS.This issue affects FastBook: from n/a through <= …
Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce wpcrm allows Reflected …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny bw-zenny allows PHP Local File Inclusion.This issue …
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RobMarsh Image Shadow image-shadow allows Path Traversal.This issue affects Image Shadow: from …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Sofass sofass allows PHP Local File Inclusion.This issue …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugudlabs SpecFit-Virtual Try On Woocommerce try-on-for-woocommerce allows Stored XSS.This issue affects SpecFit-Virtual Try …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme …
A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of …
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 …
An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command …
A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService …
A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of …
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the …
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the …
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file …
git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS …
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In …
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In …
Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated …
Free website and port scanning — find vulnerabilities before attackers do.