37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the parsing logic …
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when …
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup …
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int …
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_auth[psid->num_subauth - 1] without checking if …
In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called with a buffer_head allocated …
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() …
In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal Before 456d8aa37d0f ("PCI/ASPM: Disable ASPM …
In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to …
A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file …
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. …
A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-customer-detailed.php. …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Lomu WPCOM Member wpcom-member allows PHP Local File Inclusion.This …
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Hostel hostel allows Blind SQL Injection.This issue affects Hostel: from …
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban right-click-disable-or-ban allows Stored XSS.This issue affects Right Click Disable OR Ban: …
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Stored XSS.This issue affects Internal Link Optimiser: from n/a through <= 5.1.3.
Cross-Site Request Forgery (CSRF) vulnerability in sminozzi WP Tools wptools allows Path Traversal.This issue affects WP Tools: from n/a through <= 5.18.
Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 site-search-360 allows Stored XSS.This issue affects Site Search 360: from n/a through <= 2.1.8.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedefiningTheWeb BMA Lite bma-lite-appointment-booking-and-scheduling allows SQL Injection.This issue affects BMA Lite: …
A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component SIZE Command …
A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component PASV Command …
Missing Authorization vulnerability in fs-code FS Poster fs-poster.This issue affects FS Poster: from n/a through <= 6.5.8.
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhci: …
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens …
In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free …
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MODE …
A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component …
A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. …
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component HELP …
A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the …
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Tourmaster tourmaster allows Reflected XSS.This issue affects Tourmaster: from n/a through < …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dzynit SEO Tools seo-automatic-seo-tools allows Reflected XSS.This issue affects SEO Tools: from n/a …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scottwallick Easy Contact easy-contact allows Reflected XSS.This issue affects Easy Contact: from n/a …
Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows PHP Local …
Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a through < 1.6.1.
Missing Authorization vulnerability in Crocoblock JetMenu jet-menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetMenu: from n/a through <= 2.4.9.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratör kargo-entegrator allows SQL Injection.This issue affects Kargo Entegratör: …
Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion.This issue affects Arkhe: from n/a through <= 3.12.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in caalami Advanced Custom Fields: Link Picker Field acf-link-picker-field allows Reflected XSS.This issue affects …
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a …
Jellyfin is an open source self hosted media server. Versions before 10.10.7 are vulnerable to argument injection in FFmpeg. This can be leveraged to possibly …
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows …
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field Configuration). The supported version that is affected is …
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows …
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker …
Free website and port scanning — find vulnerabilities before attackers do.