CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-47941
7.2 HIGH

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch …

May 20, 2025
CVE-2025-47940
7.2 HIGH

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, …

May 20, 2025
CVE-2024-53359
7.5 HIGH

An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request.

May 20, 2025
CVE-2025-41231
7.3 HIGH

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised …

May 20, 2025
CVE-2025-41230
7.5 HIGH

VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue …

May 20, 2025
CVE-2025-41229
8.2 HIGH

VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue …

May 20, 2025
CVE-2025-30193
7.5 HIGH

In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker …

May 20, 2025
CVE-2025-37892
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob() need …

May 20, 2025
CVE-2025-2929
7.1 HIGH

The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

May 20, 2025
CVE-2025-3079
8.7 HIGH

A passback vulnerability which relates to office/small office multifunction printers and laser printers.

May 20, 2025
CVE-2025-3078
8.7 HIGH

A passback vulnerability which relates to production printers and office multifunction printers.

May 20, 2025
CVE-2025-47949
7.5 HIGH

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker …

May 19, 2025
CVE-2025-47944
7.5 HIGH

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker …

May 19, 2025
CVE-2025-47935
7.5 HIGH

Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper …

May 19, 2025
CVE-2025-39393
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla Hospital Management System hospital-management allows Reflected XSS.This issue affects Hospital Management System: …

May 19, 2025
CVE-2025-39392
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPAMS apartment-management allows Reflected XSS.This issue affects WPAMS: from n/a through <= …

May 19, 2025
CVE-2025-39372
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Reflected XSS.This issue affects …

May 19, 2025
CVE-2025-39366
8.8 HIGH

Incorrect Privilege Assignment vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0.

May 19, 2025
CVE-2025-39365
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps wProject allows Reflected XSS.This issue affects wProject: from n/a before 5.8.0.

May 19, 2025
CVE-2025-39357
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System hospital-management allows SQL Injection.This issue affects Hospital …

May 19, 2025
CVE-2025-39355
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking allows SQL Injection.This issue affects FAT …

May 19, 2025
CVE-2025-39352
8.2 HIGH

Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through <= 7.0.

May 19, 2025
CVE-2025-39350
8.2 HIGH

Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0.

May 19, 2025
CVE-2025-32925
8.3 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File …

May 19, 2025
CVE-2025-32924
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy allows SQL Injection.This issue affects Revy: from n/a …

May 19, 2025
CVE-2025-31027
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0.

May 19, 2025
CVE-2025-43839
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Messages Tool bp-messages-tool allows Reflected XSS.This issue affects BP Messages Tool: …

May 19, 2025
CVE-2025-43837
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations total-donations allows Reflected XSS.This issue affects Total Donations: from n/a …

May 19, 2025
CVE-2025-43836
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in confuzzledduck Syndicate Out syndicate-out allows Reflected XSS.This issue affects Syndicate Out: from n/a …

May 19, 2025
CVE-2025-43832
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber remote-images-grabber allows Reflected XSS.This issue affects Remote Images Grabber: …

May 19, 2025
CVE-2025-39459
7.3 HIGH

Incorrect Privilege Assignment vulnerability in contempoinc Real Estate 7 realestate-7 allows Privilege Escalation.This issue affects Real Estate 7: from n/a through <= 3.5.2.

May 19, 2025
CVE-2025-39458
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue …

May 19, 2025
CVE-2025-39451
7.5 HIGH

Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through …

May 19, 2025
CVE-2025-39449
7.5 HIGH

Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.

May 19, 2025
CVE-2025-39447
7.5 HIGH

Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through …

May 19, 2025
CVE-2025-39446
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus …

May 19, 2025
CVE-2025-39411
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Indie_Plugins WhatsApp Click to Chat Plugin for WordPress wpt-whatsapp.This …

May 19, 2025
CVE-2025-39409
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video Importer.This issue affects WordPress Video …

May 19, 2025
CVE-2025-39407
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a before 1.12.0.

May 19, 2025
CVE-2025-39405
8.8 HIGH

Incorrect Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).

May 19, 2025
CVE-2025-39403
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management allows SQL Injection.This issue affects WPAMS: from n/a …

May 19, 2025
CVE-2025-43840
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ref CheckBot checkbot allows Stored XSS.This issue affects CheckBot: from n/a through <= 1.05.

May 19, 2025
CVE-2025-43833
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links absolute-links allows Blind SQL Injection.This issue affects …

May 19, 2025
CVE-2025-39396
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue …

May 19, 2025
CVE-2025-27010
8.1 HIGH

Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2.

May 19, 2025
CVE-2025-26997
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler wireless-butler allows Reflected XSS.This issue affects Wireless Butler: from n/a …

May 19, 2025
CVE-2025-26735
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue affects Grip: from n/a through …

May 19, 2025
CVE-2025-4941
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file …

May 19, 2025
CVE-2025-4940
7.3 HIGH

A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown …

May 19, 2025
CVE-2025-47576
8.8 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme.This issue affects …

May 19, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.