37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …
Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. …
Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …
Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B maxab allows Stored XSS.This issue affects MaxA/B: from n/a through <= 2.2.2.
Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through <= 2.4.
Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags wp-hashtags allows Stored XSS.This issue affects Hashtags: from n/a through <= 0.3.2.
Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification wati-chat-and-notification allows Stored XSS.This issue affects WATI Chat and Notification: from n/a through …
Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email no-disposable-email allows Stored XSS.This issue affects No Disposable Email: from n/a through <= 2.5.1.
Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top go-to-top allows Stored XSS.This issue affects Go To Top: from n/a through <= 0.0.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: …
Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users members-page-only-for-logged-in-users allows Stored XSS.This issue affects Members page only for logged …
Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro tabgarb allows Stored XSS.This issue affects TabGarb Pro: from n/a through <= 2.6.
Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme domain-theme allows Stored XSS.This issue affects Domain Theme: from n/a through <= 1.3.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suman Biswas Custom top bar custom-top-bar allows Stored XSS.This issue affects Custom top …
Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress list-posts-by-category allows Stored XSS.This issue affects List of Posts …
Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync ftp-sync allows Stored XSS.This issue affects FTP Sync: from n/a through <= 1.1.6.
Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc price-calc allows Stored XSS.This issue affects price-calc: from n/a through <= 0.6.3.
Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables wp-compare-tables allows Stored XSS.This issue affects WP Compare Tables: from n/a through <= 1.0.5.
Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through <= …
Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator google-news-editors-picks-news-feeds allows Stored XSS.This issue affects Google News Editors Picks Feed Generator: …
Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration rankchecker-io-integration allows Stored XSS.This issue affects Rankchecker.io Integration: from n/a through <= 1.0.9.
Substance3D - Modeler versions 1.15.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …
Substance3D - Modeler versions 1.15.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …
A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In …
NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this …
NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation …
The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in …
Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the …
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized …
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in …
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a …
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the …
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the …
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in …
An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.
A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users …
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …
Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …
Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …
Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …
Free website and port scanning — find vulnerabilities before attackers do.