CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-32145
8.8 HIGH

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 4.3.6.

Apr 10, 2025
CVE-2025-32128
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aaronfrey Nearby Locations nearby-locations allows SQL Injection.This issue affects Nearby Locations: …

Apr 10, 2025
CVE-2025-32119
8.2 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection.This issue …

Apr 10, 2025
CVE-2025-32116
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studi7 QR Master qr-master allows Reflected XSS.This issue affects QR Master: from n/a …

Apr 10, 2025
CVE-2025-32115
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Content Light popping-content-light allows Reflected XSS.This issue affects Popping Content Light: …

Apr 10, 2025
CVE-2025-32114
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5sterrenspecialist WordPress 5sterrenspecialist Plugin 5-sterrenspecialist allows Reflected XSS.This issue affects WordPress 5sterrenspecialist Plugin: …

Apr 10, 2025
CVE-2025-31524
8.8 HIGH

Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation.This issue affects WP User Profiles: from n/a through <= 2.6.2.

Apr 10, 2025
CVE-2025-30582
8.1 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM dyapress allows PHP Local File Inclusion.This issue affects DyaPress …

Apr 10, 2025
CVE-2024-38865
8.8 HIGH

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command …

Apr 10, 2025
CVE-2025-3417
8.8 HIGH

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on …

Apr 10, 2025
CVE-2025-2809
7.3 HIGH

The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due …

Apr 10, 2025
CVE-2025-2805
7.3 HIGH

The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the …

Apr 10, 2025
CVE-2024-13874
7.1 HIGH

The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site …

Apr 10, 2025
CVE-2025-0539
8.8 HIGH

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned …

Apr 10, 2025
CVE-2025-3102
8.1 HIGH

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value …

Apr 10, 2025
CVE-2025-26330
7.0 HIGH

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access …

Apr 10, 2025
CVE-2025-30660
7.5 HIGH

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an …

Apr 9, 2025
CVE-2025-30659
7.5 HIGH

An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, …

Apr 9, 2025
CVE-2025-30658
7.5 HIGH

A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based …

Apr 9, 2025
CVE-2025-30656
7.5 HIGH

An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC …

Apr 9, 2025
CVE-2025-30651
7.5 HIGH

A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an …

Apr 9, 2025
CVE-2025-30649
7.5 HIGH

An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security …

Apr 9, 2025
CVE-2025-30648
7.4 HIGH

An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker …

Apr 9, 2025
CVE-2025-30645
7.5 HIGH

A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control …

Apr 9, 2025
CVE-2025-30644
7.5 HIGH

A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, …

Apr 9, 2025
CVE-2025-2632
7.8 HIGH

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or …

Apr 9, 2025
CVE-2025-2631
7.8 HIGH

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. …

Apr 9, 2025
CVE-2025-21601
7.5 HIGH

An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on …

Apr 9, 2025
CVE-2025-21594
7.5 HIGH

An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a …

Apr 9, 2025
CVE-2025-21591
7.4 HIGH

A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, …

Apr 9, 2025
CVE-2025-2630
7.3 HIGH

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. …

Apr 9, 2025
CVE-2025-2629
7.3 HIGH

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may …

Apr 9, 2025
CVE-2025-32692
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows PHP Local …

Apr 9, 2025
CVE-2025-32685
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP …

Apr 9, 2025
CVE-2025-32677
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection.This issue …

Apr 9, 2025
CVE-2025-32676
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Blind SQL Injection.This issue affects …

Apr 9, 2025
CVE-2025-32673
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through <= 2.0.6.

Apr 9, 2025
CVE-2025-32669
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Stored XSS.This issue affects Mergado Pack: from n/a through <= 4.2.1.

Apr 9, 2025
CVE-2025-32667
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS.This issue affects Doppler Forms: from n/a through <= 2.5.1.

Apr 9, 2025
CVE-2025-32664
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities nepali-date-utilities allows Stored XSS.This issue affects Nepali Date Utilities: from n/a through <= 1.0.15.

Apr 9, 2025
CVE-2025-32661
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map interactive-us-map allows Stored XSS.This issue affects Interactive US Map: from n/a through <= …

Apr 9, 2025
CVE-2025-32659
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Stored XSS.This issue affects FraudLabs Pro for WooCommerce: from n/a through <= …

Apr 9, 2025
CVE-2025-32645
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Hiren Patel Custom Posts Order custom-posts-order allows Stored XSS.This issue affects Custom Posts Order: from n/a through <= 4.4.

Apr 9, 2025
CVE-2025-32644
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location World Clock ip2location-world-clock allows Stored XSS.This issue affects IP2Location World Clock: from n/a through <= 1.1.9.

Apr 9, 2025
CVE-2025-32624
7.1 HIGH

Missing Authorization vulnerability in czater Czater.pl – live chat i telefon czater allows Cross Site Request Forgery.This issue affects Czater.pl – live chat i telefon: …

Apr 9, 2025
CVE-2025-32623
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in plainware PlainInventory z-inventory-manager allows Stored XSS.This issue affects PlainInventory: from n/a through <= 3.1.9.

Apr 9, 2025
CVE-2025-32621
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital WP Map Route Planner wp-map-route-planner allows Cross Site Request Forgery.This issue affects WP Map Route Planner: from …

Apr 9, 2025
CVE-2025-32619
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in KeyCAPTCHA KeyCAPTCHA keycaptcha allows Stored XSS.This issue affects KeyCAPTCHA: from n/a through <= 2.5.1.

Apr 9, 2025
CVE-2025-32617
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Ydesignservices Multiple Location Google Map multiple-location-google-map allows Stored XSS.This issue affects Multiple Location Google Map: from n/a through <= …

Apr 9, 2025
CVE-2025-32616
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in nimbata Nimbata Call Tracking nimbata-call-tracking allows Stored XSS.This issue affects Nimbata Call Tracking: from n/a through <= 1.7.4.

Apr 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.