CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-4715
7.3 HIGH

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality …

May 15, 2025
CVE-2025-47785
8.3 HIGH

Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is …

May 15, 2025
CVE-2025-47161
7.8 HIGH

Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

May 15, 2025
CVE-2024-9831
7.2 HIGH

The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL …

May 15, 2025
CVE-2024-8700
7.5 HIGH

The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.

May 15, 2025
CVE-2024-8699
7.2 HIGH

The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the …

May 15, 2025
CVE-2024-6719
8.1 HIGH

The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to …

May 15, 2025
CVE-2024-6486
7.2 HIGH

The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers, …

May 15, 2025
CVE-2024-12812
7.5 HIGH

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an …

May 15, 2025
CVE-2024-12735
7.2 HIGH

The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and …

May 15, 2025
CVE-2024-11372
7.2 HIGH

The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform …

May 15, 2025
CVE-2024-11269
7.2 HIGH

The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform …

May 15, 2025
CVE-2024-11267
8.8 HIGH

The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing user with …

May 15, 2025
CVE-2024-0852
8.8 HIGH

The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated …

May 15, 2025
CVE-2024-0249
7.1 HIGH

The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

May 15, 2025
CVE-2023-7239
7.5 HIGH

The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. …

May 15, 2025
CVE-2023-7231
7.3 HIGH

The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links.

May 15, 2025
CVE-2023-7197
7.1 HIGH

The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which …

May 15, 2025
CVE-2023-7174
7.1 HIGH

The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could …

May 15, 2025
CVE-2023-5934
7.3 HIGH

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, …

May 15, 2025
CVE-2025-4714
7.3 HIGH

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file …

May 15, 2025
CVE-2025-4713
7.3 HIGH

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/print.php. …

May 15, 2025
CVE-2025-4712
7.3 HIGH

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/account_summary.php. …

May 15, 2025
CVE-2025-32922
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Stored XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0.

May 15, 2025
CVE-2025-30475
8.1 HIGH

Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading …

May 15, 2025
CVE-2025-26481
7.5 HIGH

Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial …

May 15, 2025
CVE-2025-4711
7.3 HIGH

A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/stockin_add.php. …

May 15, 2025
CVE-2025-4710
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Campcodes Sales and Inventory System 1.0. Affected by this issue is some unknown functionality …

May 15, 2025
CVE-2025-4709
7.3 HIGH

A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file …

May 15, 2025
CVE-2025-4708
7.3 HIGH

A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/sales_add.php. The …

May 15, 2025
CVE-2025-4707
7.3 HIGH

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the …

May 15, 2025
CVE-2025-4706
7.3 HIGH

A vulnerability was found in projectworlds Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Procedure3b_yearwiseVisit.php. …

May 15, 2025
CVE-2025-30421
7.8 HIGH

There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability …

May 15, 2025
CVE-2025-30420
7.8 HIGH

There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite. This …

May 15, 2025
CVE-2025-30419
7.8 HIGH

There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. This …

May 15, 2025
CVE-2025-30418
7.8 HIGH

There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite. This …

May 15, 2025
CVE-2025-30417
7.8 HIGH

There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. This …

May 15, 2025
CVE-2025-4705
7.3 HIGH

A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. This affects an unknown part of the file …

May 15, 2025
CVE-2025-4704
7.3 HIGH

A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this issue is some unknown functionality of the …

May 15, 2025
CVE-2025-4703
7.3 HIGH

A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of …

May 15, 2025
CVE-2025-48050
7.5 HIGH

In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the …

May 15, 2025
CVE-2024-52880
7.9 HIGH

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before …

May 15, 2025
CVE-2024-52879
7.5 HIGH

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before …

May 15, 2025
CVE-2024-52878
7.5 HIGH

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before …

May 15, 2025
CVE-2024-52877
7.5 HIGH

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before …

May 15, 2025
CVE-2025-4702
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/add-category.php. …

May 15, 2025
CVE-2025-4699
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul Apartment Visitors Management System 1.0. This vulnerability affects unknown code of the file /admin/visitors-form.php. The manipulation …

May 15, 2025
CVE-2025-4698
7.3 HIGH

A vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/forget-password.php. The manipulation …

May 15, 2025
CVE-2025-4697
7.3 HIGH

A vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of …

May 15, 2025
CVE-2025-27523
8.7 HIGH

XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from …

May 15, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.