CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-25060
8.2 HIGH

Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may …

Apr 2, 2025
CVE-2025-3069
8.8 HIGH

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security …

Apr 2, 2025
CVE-2025-3068
8.8 HIGH

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. …

Apr 2, 2025
CVE-2025-3067
8.8 HIGH

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific …

Apr 2, 2025
CVE-2025-3066
8.8 HIGH

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML …

Apr 2, 2025
CVE-2025-29981
7.5 HIGH

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access …

Apr 2, 2025
CVE-2025-31619
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows SQL Injection.This issue affects Actionwear …

Apr 1, 2025
CVE-2025-31594
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading auto-scroll-for-reading allows Reflected XSS.This issue affects Auto scroll …

Apr 1, 2025
CVE-2025-31580
7.5 HIGH

Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry ni-woocommerce-product-enquiry allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ni WooCommerce Product Enquiry: …

Apr 1, 2025
CVE-2025-31578
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Reflected XSS.This …

Apr 1, 2025
CVE-2025-31571
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider the-logo-slider allows Reflected XSS.This issue affects The …

Apr 1, 2025
CVE-2025-31568
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wiredmindshelp LeadLab by wiredminds wiredminds-leadlab allows Reflected XSS.This issue affects LeadLab by wiredminds: …

Apr 1, 2025
CVE-2025-31564
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) …

Apr 1, 2025
CVE-2025-31563
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vimal Kava AI Search Bar open-ai-search-bar allows Stored XSS.This issue affects AI Search …

Apr 1, 2025
CVE-2025-31561
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows SQL Injection.This issue affects Ultimate …

Apr 1, 2025
CVE-2025-31560
7.2 HIGH

Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalation.This issue affects Salon booking system: from n/a through < 10.15.

Apr 1, 2025
CVE-2025-31548
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows Reflected XSS.This issue affects Ultimate Push Notifications: …

Apr 1, 2025
CVE-2025-31537
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in madfishdigital Bulk NoIndex & NoFollow Toolkit bulk-noindex-nofollow-toolkit-by-mad-fish allows Reflected XSS.This issue affects Bulk …

Apr 1, 2025
CVE-2025-31462
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rzfarrell CGM Event Calendar cgm-event-calendar allows Reflected XSS.This issue affects CGM Event Calendar: …

Apr 1, 2025
CVE-2025-31461
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mayeenul Islam NanoSupport nanosupport allows Reflected XSS.This issue affects NanoSupport: from n/a through …

Apr 1, 2025
CVE-2025-31455
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ralxz Limit Max IPs Per User limit-max-ips-per-user allows DOM-Based XSS.This issue affects Limit …

Apr 1, 2025
CVE-2025-31454
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly Delete Post Revision delete-post-revision allows Reflected XSS.This issue affects Delete Post Revision: …

Apr 1, 2025
CVE-2025-31446
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jiangmiao WP Cleaner wpcleaner allows Reflected XSS.This issue affects WP Cleaner: from n/a …

Apr 1, 2025
CVE-2025-31445
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sed Lex Pages Order pages-order allows Reflected XSS.This issue affects Pages Order: from …

Apr 1, 2025
CVE-2025-31441
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S WordPress Galleria wp-galleria allows Reflected XSS.This issue affects WordPress Galleria: from n/a …

Apr 1, 2025
CVE-2025-31431
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in conlabz GmbH WP Bookmarks wp-bookmarks allows Reflected XSS.This issue affects WP Bookmarks: from …

Apr 1, 2025
CVE-2025-31097
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hossein Material Dashboard material-dashboard allows PHP Local File Inclusion.This …

Apr 1, 2025
CVE-2025-31089
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fahad Mahmood Order Splitter for WooCommerce woo-order-splitter allows SQL Injection.This issue …

Apr 1, 2025
CVE-2025-31086
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WBW Plugins Product Table by WBW woo-product-tables allows Reflected XSS.This issue affects Product …

Apr 1, 2025
CVE-2025-31085
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language xili-language allows Reflected XSS.This issue affects xili-language: from …

Apr 1, 2025
CVE-2025-31082
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP …

Apr 1, 2025
CVE-2025-31081
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: …

Apr 1, 2025
CVE-2025-31080
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: …

Apr 1, 2025
CVE-2025-31078
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Reflected XSS.This issue …

Apr 1, 2025
CVE-2025-30913
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas wp-access-areas allows Reflected XSS.This issue affects Access Areas: from n/a …

Apr 1, 2025
CVE-2025-30906
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial – Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS.This issue affects …

Apr 1, 2025
CVE-2025-30905
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Stored XSS.This …

Apr 1, 2025
CVE-2025-30892
8.8 HIGH

Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Object Injection.This issue affects WpTravelly: from n/a through <= 1.8.7.

Apr 1, 2025
CVE-2025-30852
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite oracle-cards allows Reflected XSS.This issue affects Oracle Cards Lite: …

Apr 1, 2025
CVE-2025-30844
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz watu allows Reflected XSS.This issue affects Watu Quiz: from n/a …

Apr 1, 2025
CVE-2025-30825
8.8 HIGH

Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce wpc-smart-linked-products allows Privilege Escalation.This issue affects WPC Smart Linked Products …

Apr 1, 2025
CVE-2025-30778
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through …

Apr 1, 2025
CVE-2025-30554
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abhishek Kumar Frizzly frizzly allows Reflected XSS.This issue affects Frizzly: from n/a through …

Apr 1, 2025
CVE-2025-29070
7.5 HIGH

A heap buffer overflow vulnerability has been identified in thesmooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. …

Apr 1, 2025
CVE-2025-29033
7.3 HIGH

An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter.

Apr 1, 2025
CVE-2025-29069
7.3 HIGH

A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling …

Apr 1, 2025
CVE-2025-31137
7.5 HIGH

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that …

Apr 1, 2025
CVE-2025-27829
7.3 HIGH

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to …

Apr 1, 2025
CVE-2025-21985
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but location can have …

Apr 1, 2025
CVE-2025-21983
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a system workqueue which is "system_unbound_wq" …

Apr 1, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.