37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and …
Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` …
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a …
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a …
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a …
Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …
In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …
In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional …
Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with …
A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, …
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook …
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with …
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being …
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains …
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system …
The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be …
An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows …
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS.This issue affects WPBookit: from n/a through <= 1.0.1.
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode …
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode …
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the …
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable …
CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry …
The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated …
Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue …
Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of …
A vulnerability was found in Quantico Tecnologia PRMV 6.48. It has been classified as critical. This affects an unknown part of the file /admin/login.php of …
A vulnerability was found in AT Software Solutions ATSVD up to 3.4.1. It has been rated as critical. Affected by this issue is some unknown …
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is …
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, …
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function …
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file …
The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all …
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, …
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to …
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.4. This is due …
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The …
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module …
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble …
Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE …
XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest …
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker …
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute …
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained …
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained …
Free website and port scanning — find vulnerabilities before attackers do.