CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-26541
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Reflected XSS.This issue …

Mar 26, 2025
CVE-2025-26536
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yendif Player Another Events Calendar another-events-calendar allows Reflected XSS.This issue affects Another Events …

Mar 26, 2025
CVE-2025-25134
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zenverse Theme Demo Bar wordpress-theme-demo-bar allows Reflected XSS.This issue affects Theme Demo Bar: …

Mar 26, 2025
CVE-2025-24690
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This …

Mar 26, 2025
CVE-2025-23964
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ajitae Google Plus google-plus-google allows Reflected XSS.This issue affects Google Plus: from n/a …

Mar 26, 2025
CVE-2025-23952
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ntm custom-field-list-widget custom-field-list-widget allows PHP Local File Inclusion.This issue …

Mar 26, 2025
CVE-2025-23937
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File …

Mar 26, 2025
CVE-2025-23735
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cosmin Schiopu Infugrator infugrator allows Reflected XSS.This issue affects Infugrator: from n/a through …

Mar 26, 2025
CVE-2025-23728
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in atelierhyper AuMenu aumenu allows Reflected XSS.This issue affects AuMenu: from n/a through <= …

Mar 26, 2025
CVE-2025-23714
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podspod AppReview appreview allows Reflected XSS.This issue affects AppReview: from n/a through <= …

Mar 26, 2025
CVE-2025-23704
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reuven Karasik Your Lightbox your-lightbox allows Reflected XSS.This issue affects Your Lightbox: from …

Mar 26, 2025
CVE-2025-23680
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Narnoo Narnoo Operator narnoo-shortcodes allows Reflected XSS.This issue affects Narnoo Operator: from n/a …

Mar 26, 2025
CVE-2025-23666
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cxc-sawa Management-screen-droptiles cxc-sawa allows Reflected XSS.This issue affects Management-screen-droptiles: from n/a through <= …

Mar 26, 2025
CVE-2025-23638
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Umesh Ghimire Frontend Post Submission frontend-post-submission allows Reflected XSS.This issue affects Frontend Post …

Mar 26, 2025
CVE-2025-23633
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khanhtruong WP Database Audit database-audit allows Reflected XSS.This issue affects WP Database Audit: …

Mar 26, 2025
CVE-2025-23632
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhizome Networks CG Button content-glass-button allows Reflected XSS.This issue affects CG Button: from …

Mar 26, 2025
CVE-2025-23612
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixobe Pixobe Cartography pixobe-cartography allows Reflected XSS.This issue affects Pixobe Cartography: from n/a …

Mar 26, 2025
CVE-2025-23546
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert D Payne RDP inGroups+ rdp-ingroups allows Reflected XSS.This issue affects RDP inGroups+: …

Mar 26, 2025
CVE-2025-23543
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fomopay FOMO Pay Chinese Payment Solution fomo-payment-gateway-for-woocommerce allows Reflected XSS.This issue affects FOMO …

Mar 26, 2025
CVE-2025-23542
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert D Payne RDP Linkedin Login rdp-linkedin-login allows Reflected XSS.This issue affects RDP …

Mar 26, 2025
CVE-2025-23466
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsiteeditor Site Editor Google Map site-editor-google-map allows Reflected XSS.This issue affects Site Editor …

Mar 26, 2025
CVE-2025-23460
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhizomaticweb RWS Enquiry And Lead Follow-up rws-enquiry allows Reflected XSS.This issue affects RWS …

Mar 26, 2025
CVE-2025-23459
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NsThemes NS Simple Intro Loader ns-simple-intro-loader allows Reflected XSS.This issue affects NS Simple …

Mar 26, 2025
CVE-2025-22283
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyaz GetSocial getsocial allows Reflected XSS.This issue affects GetSocial: from n/a through <= …

Mar 26, 2025
CVE-2024-45351
7.8 HIGH

A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by …

Mar 26, 2025
CVE-2025-2110
8.8 HIGH

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing …

Mar 26, 2025
CVE-2025-1913
7.2 HIGH

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up …

Mar 26, 2025
CVE-2025-1912
7.6 HIGH

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up …

Mar 26, 2025
CVE-2024-13889
7.2 HIGH

The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input …

Mar 26, 2025
CVE-2025-2257
7.2 HIGH

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions …

Mar 26, 2025
CVE-2025-2009
7.2 HIGH

The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logging functionality in all versions up to, and including, 4.9.9.7 due to …

Mar 26, 2025
CVE-2025-1514
7.3 HIGH

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on …

Mar 26, 2025
CVE-2024-13801
8.1 HIGH

The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to …

Mar 26, 2025
CVE-2024-13146
8.8 HIGH

The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add …

Mar 26, 2025
CVE-2025-29789
7.5 HIGH

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in …

Mar 25, 2025
CVE-2025-27835
7.8 HIGH

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.

Mar 25, 2025
CVE-2025-27834
7.8 HIGH

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.

Mar 25, 2025
CVE-2025-27833
7.8 HIGH

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.

Mar 25, 2025
CVE-2025-27830
7.8 HIGH

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.

Mar 25, 2025
CVE-2025-25374
7.5 HIGH

In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any …

Mar 25, 2025
CVE-2025-25372
7.5 HIGH

NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module.

Mar 25, 2025
CVE-2025-25371
7.5 HIGH

NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system.

Mar 25, 2025
CVE-2025-30118
7.5 HIGH

An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for …

Mar 25, 2025
CVE-2025-30567
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through …

Mar 25, 2025
CVE-2024-58105
7.3 HIGH

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute …

Mar 25, 2025
CVE-2024-58104
7.3 HIGH

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute …

Mar 25, 2025
CVE-2025-30214
7.5 HIGH

Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead …

Mar 25, 2025
CVE-2025-30213
8.8 HIGH

Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific …

Mar 25, 2025
CVE-2025-30212
7.5 HIGH

Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could …

Mar 25, 2025
CVE-2025-2532
7.8 HIGH

Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. …

Mar 25, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.