37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality …
Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is …
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL …
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the …
The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to …
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers, …
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an …
The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and …
The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform …
The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform …
The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing user with …
The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated …
The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a …
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. …
The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links.
The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which …
The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could …
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, …
A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file …
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/print.php. …
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/account_summary.php. …
Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Stored XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0.
Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading …
Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial …
A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/stockin_add.php. …
A vulnerability, which was classified as critical, has been found in Campcodes Sales and Inventory System 1.0. Affected by this issue is some unknown functionality …
A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file …
A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/sales_add.php. The …
A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the …
A vulnerability was found in projectworlds Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Procedure3b_yearwiseVisit.php. …
There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability …
There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite. This …
There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. This …
There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite. This …
There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. This …
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. This affects an unknown part of the file …
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this issue is some unknown functionality of the …
A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of …
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the …
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before …
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before …
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before …
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before …
A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/add-category.php. …
A vulnerability classified as critical was found in PHPGurukul Apartment Visitors Management System 1.0. This vulnerability affects unknown code of the file /admin/visitors-form.php. The manipulation …
A vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/forget-password.php. The manipulation …
A vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of …
XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from …
Free website and port scanning — find vulnerabilities before attackers do.