CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-33122
7.5 HIGH

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced …

Jun 17, 2025
CVE-2025-49879
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in themezaa Litho litho allows Path Traversal.This issue affects Litho: from n/a through …

Jun 17, 2025
CVE-2025-49854
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anh Tran Slim SEO slim-seo allows SQL Injection.This issue affects Slim …

Jun 17, 2025
CVE-2025-49508
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49451
7.5 HIGH

Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects …

Jun 17, 2025
CVE-2025-49415
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Path Traversal.This issue affects FW Gallery: …

Jun 17, 2025
CVE-2025-49331
7.2 HIGH

Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3.

Jun 17, 2025
CVE-2025-49316
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a …

Jun 17, 2025
CVE-2025-49312
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress rss-feed-post-generator-echo allows Reflected XSS.This …

Jun 17, 2025
CVE-2025-49266
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Reflected XSS.This issue affects Ultimate Reviews: from n/a …

Jun 17, 2025
CVE-2025-49261
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49260
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49259
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49258
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Maia maia allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49257
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49256
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Sapa sapa allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49255
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Ruza ruza allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49254
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49253
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa lasa allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49252
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49251
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-49180
7.8 HIGH

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when …

Jun 17, 2025
CVE-2025-49179
7.3 HIGH

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows …

Jun 17, 2025
CVE-2025-49176
7.3 HIGH

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing …

Jun 17, 2025
CVE-2025-48333
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPQuark eForm - WordPress Form Builder wp-fsqm-pro allows Reflected XSS.This issue affects eForm …

Jun 17, 2025
CVE-2025-48145
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao wp-tao allows Reflected XSS.This …

Jun 17, 2025
CVE-2025-48118
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment wc-partial-shipment allows SQL Injection.This issue affects …

Jun 17, 2025
CVE-2025-47572
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This …

Jun 17, 2025
CVE-2025-39508
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core nasa-core allows Reflected XSS.This issue affects Nasa Core: from n/a …

Jun 17, 2025
CVE-2025-39486
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie valvepress-rankie allows SQL Injection.This issue affects Rankie: from n/a …

Jun 17, 2025
CVE-2025-32549
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue …

Jun 17, 2025
CVE-2025-30988
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Stored XSS.This issue affects Elite Video Player: …

Jun 17, 2025
CVE-2025-30562
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This issue affects …

Jun 17, 2025
CVE-2025-29002
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Simen snssimen allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-28991
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Evon snsevon allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-28972
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injection.This …

Jun 17, 2025
CVE-2025-24761
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme DSK dsk allows PHP Local File Inclusion.This issue …

Jun 17, 2025
CVE-2025-4879
7.8 HIGH

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Jun 17, 2025
CVE-2025-0320
7.8 HIGH

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows

Jun 17, 2025
CVE-2025-6020
7.8 HIGH

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to …

Jun 17, 2025
CVE-2025-5777
7.5 HIGH KEV

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA …

Jun 17, 2025
CVE-2025-5349
8.8 HIGH

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway

Jun 17, 2025
CVE-2025-4365
7.5 HIGH

Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)

Jun 17, 2025
CVE-2025-3515
8.1 HIGH

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type …

Jun 17, 2025
CVE-2025-6165
8.8 HIGH

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the …

Jun 17, 2025
CVE-2025-6164
8.8 HIGH

A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the …

Jun 17, 2025
CVE-2025-6163
8.8 HIGH

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of …

Jun 17, 2025
CVE-2025-6162
8.8 HIGH

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP …

Jun 17, 2025
CVE-2025-6161
7.3 HIGH

A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. …

Jun 17, 2025
CVE-2025-6160
7.3 HIGH

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the …

Jun 17, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.