37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.
Memory corruption while prociesing command buffer buffer in OPE module.
Memory corruption Camera kernel when large number of devices are attached through userspace.
Memory corruption during array access in Camera kernel due to invalid index from invalid command data.
Memory corruption while encoding JPEG format.
Memory corruption during concurrent buffer access due to modification of the reference count.
Memory corruption when blob structure is modified by user-space after kernel verification.
Memory corruption during concurrent access to server info object due to incorrect reference count update.
Memory corruption during concurrent SSR execution due to race condition on the global maps list.
A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the …
A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation …
Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability.
Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
A vulnerability has been found in SourceCodester Advanced Web Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …
A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Affected is an unknown function of the file /admin/admin_addnew_product.php. The …
The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software …
A vulnerability, which was classified as critical, has been found in SourceCodester Advanced Web Store 1.0. This issue affects some unknown processing of the file …
A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/update_main_topic_img.php?topic_id=529. The manipulation of …
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality …
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality …
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been classified as critical. Affected is an unknown function of the file …
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file …
The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is …
A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. This affects an unknown part of the file /adminprofile.php. …
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected by this issue is some unknown …
A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search-notice.php. …
cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request …
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to …
A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /search_list.php. The manipulation …
A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file …
A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file …
A vulnerability was found in PHPGurukul Men Salon Management System 2.0. It has been classified as critical. This affects an unknown part of the file …
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SMNT …
A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component RNTO Command Handler. The manipulation …
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RNFR Command Handler. The …
Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 …
Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.
Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload.
Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload.
Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload.
Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload.
Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.
A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Login.php?f=login. The …
The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all …
Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation …
Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …
Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific …
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password.
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details …
Free website and port scanning — find vulnerabilities before attackers do.