CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-47619
7.5 HIGH

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also …

May 7, 2025
CVE-2025-47685
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout contribuinte-checkout allows Stored XSS.This issue affects Contribuinte Checkout: from n/a through <= 2.0.03.

May 7, 2025
CVE-2025-47683
7.2 HIGH

Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance wp-maintenance allows Object Injection.This issue affects WP Maintenance: from n/a through <= 6.1.9.7.

May 7, 2025
CVE-2025-47655
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer themarketer allows Stored XSS.This issue affects theMarketer: from n/a through <= 1.4.7.

May 7, 2025
CVE-2025-47653
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue …

May 7, 2025
CVE-2025-47649
8.8 HIGH

Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through …

May 7, 2025
CVE-2025-47648
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a …

May 7, 2025
CVE-2025-47643
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue …

May 7, 2025
CVE-2025-47639
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading polylang-supertext allows Stored XSS.This issue affects Supertext Translation and Proofreading: from n/a through <= …

May 7, 2025
CVE-2025-47636
7.5 HIGH

Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through <= …

May 7, 2025
CVE-2025-47629
7.2 HIGH

Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through <= 3.4.5.

May 7, 2025
CVE-2025-47620
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network martins-free-and-easy-ad-network-get-more-visitors allows Reflected XSS.This issue affects Martins Free Monetized Ad Exchange Network: …

May 7, 2025
CVE-2025-47587
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection.This issue affects YaySMTP: from …

May 7, 2025
CVE-2025-47546
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Request Forgery.This issue affects WP Compress: from n/a through <= 6.30.30.

May 7, 2025
CVE-2025-47544
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Blind …

May 7, 2025
CVE-2025-47538
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce cart-tracking-for-woocommerce allows SQL Injection.This issue affects …

May 7, 2025
CVE-2025-47537
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows SQL Injection.This issue …

May 7, 2025
CVE-2025-47533
8.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows PHP Local File Inclusion.This issue affects Graphina: from n/a through <= 3.0.4.

May 7, 2025
CVE-2025-47531
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events xt-facebook-events …

May 7, 2025
CVE-2025-47517
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Stored XSS.This issue affects Accept Donations with PayPal & …

May 7, 2025
CVE-2025-47514
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related Posts Footer Links and Widget spostarbust allows Stored XSS.This issue affects ELI's Related Posts Footer Links …

May 7, 2025
CVE-2025-47510
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows PHP Local File …

May 7, 2025
CVE-2025-47508
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ruben Garcia GamiPress gamipress allows PHP Local File Inclusion.This …

May 7, 2025
CVE-2025-47498
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This …

May 7, 2025
CVE-2025-47496
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress PublishPress Authors publishpress-authors allows PHP Local File Inclusion.This …

May 7, 2025
CVE-2025-47494
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This …

May 7, 2025
CVE-2025-47491
7.4 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a …

May 7, 2025
CVE-2025-47490
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows SQL Injection.This issue affects Ultimate …

May 7, 2025
CVE-2025-47462
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in WebAppick Challan webappick-pdf-invoice-for-woocommerce allows Privilege Escalation.This issue affects Challan: from n/a through <= 3.7.58.

May 7, 2025
CVE-2025-47460
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TrackShip TrackShip for WooCommerce trackship-for-woocommerce allows SQL Injection.This issue affects TrackShip …

May 7, 2025
CVE-2025-47440
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts wpadverts allows PHP Local File Inclusion.This …

May 7, 2025
CVE-2025-47439
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor download-monitor allows PHP Local File …

May 7, 2025
CVE-2025-29448
7.5 HIGH

Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future …

May 7, 2025
CVE-2025-29152
7.6 HIGH

Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via multiple components, including Strategic Planning Perspective Registration, Training Request, …

May 7, 2025
CVE-2020-36791
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access …

May 7, 2025
CVE-2025-33093
7.5 HIGH

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.

May 7, 2025
CVE-2025-27533
7.5 HIGH

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which …

May 7, 2025
CVE-2025-20979
8.4 HIGH

Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.

May 7, 2025
CVE-2025-20968
7.2 HIGH

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows …

May 7, 2025
CVE-2025-20957
7.3 HIGH

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.

May 7, 2025
CVE-2025-0669
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3.

May 7, 2025
CVE-2025-32405
7.5 HIGH

An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by …

May 7, 2025
CVE-2025-32402
7.5 HIGH

An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by …

May 7, 2025
CVE-2025-32400
7.5 HIGH

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library …

May 7, 2025
CVE-2025-32398
7.5 HIGH

A NULL Pointer Dereference in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library …

May 7, 2025
CVE-2025-32397
7.5 HIGH

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library …

May 7, 2025
CVE-2025-32396
7.5 HIGH

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library …

May 7, 2025
CVE-2025-4335
8.8 HIGH

The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient …

May 7, 2025
CVE-2025-3921
8.2 HIGH

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function …

May 7, 2025
CVE-2025-3852
8.8 HIGH

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to …

May 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.