CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2022-50818

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix running_req for internal abort commands Disabling the remote phy for a SATA …

Dec 30, 2025
CVE-2022-50817

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), …

Dec 30, 2025
CVE-2022-50816

In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report [1] with no reproducer hints …

Dec 30, 2025
CVE-2022-50815

In the Linux kernel, the following vulnerability has been resolved: ext2: Add sanity checks for group and filesystem size Add sanity check that filesystem size …

Dec 30, 2025
CVE-2022-50814

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr KASAN reported this Bug: [17619.659757] BUG: KASAN: …

Dec 30, 2025
CVE-2022-50813

In the Linux kernel, the following vulnerability has been resolved: drivers: mcb: fix resource leak in mcb_probe() When probe hook function failed in mcb_probe(), it …

Dec 30, 2025
CVE-2022-50812

In the Linux kernel, the following vulnerability has been resolved: security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 A bad bug in clang's implementation …

Dec 30, 2025
CVE-2022-50811

In the Linux kernel, the following vulnerability has been resolved: erofs: fix missing unmap if z_erofs_get_extent_compressedlen() fails Otherwise, meta buffers could be leaked.

Dec 30, 2025
CVE-2022-50810

In the Linux kernel, the following vulnerability has been resolved: rapidio: devices: fix missing put_device in mport_cdev_open When kfifo_alloc fails, the refcount of chdev->dev is …

Dec 30, 2025
CVE-2022-50809

In the Linux kernel, the following vulnerability has been resolved: xhci: dbc: Fix memory leak in xhci_alloc_dbc() If DbC is already in use, then the …

Dec 30, 2025
CVE-2025-15247
7.3 HIGH

A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7_rs::client::S7Client::download of the file client.rs. Such manipulation leads …

Dec 30, 2025
CVE-2025-15246
6.3 MEDIUM

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This …

Dec 30, 2025
CVE-2025-14509
7.2 HIGH

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, …

Dec 30, 2025
CVE-2023-54162

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible memory leak in smb2_lock() argv needs to be free when setup_async_work fails …

Dec 30, 2025
CVE-2022-50786

In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSE_INSTANCE command, ctx_work_bits was …

Dec 30, 2025
CVE-2022-50785

In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free Use get_device and put_device in the open and close …

Dec 30, 2025
CVE-2022-50784

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone If cloning the SKB fails, don't …

Dec 30, 2025
CVE-2025-69093
5.3 MEDIUM

Missing Authorization vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopMagic: from n/a through <= 4.7.2.

Dec 30, 2025
CVE-2025-69092
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows DOM-Based XSS.This issue affects Essential Addons …

Dec 30, 2025
CVE-2025-69091
4.3 MEDIUM

Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Importer Plus: from n/a …

Dec 30, 2025
CVE-2025-69089
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in autolistings Auto Listings auto-listings allows Stored XSS.This issue affects Auto Listings: from n/a …

Dec 30, 2025
CVE-2025-69088
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: …

Dec 30, 2025
CVE-2025-69034
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue …

Dec 30, 2025
CVE-2025-69033
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: …

Dec 30, 2025
CVE-2025-69032
5.4 MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= …

Dec 30, 2025
CVE-2025-69031
5.3 MEDIUM

Missing Authorization vulnerability in Skywarrior Arcane arcane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arcane: from n/a through <= 3.6.6.

Dec 30, 2025
CVE-2025-69030
5.4 MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a …

Dec 30, 2025
CVE-2025-69029
5.4 MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through <= …

Dec 30, 2025
CVE-2025-69028
5.3 MEDIUM

Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.

Dec 30, 2025
CVE-2025-69027
5.3 MEDIUM

Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery …

Dec 30, 2025
CVE-2025-69026
4.3 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a …

Dec 30, 2025
CVE-2025-69025
4.3 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: from n/a …

Dec 30, 2025
CVE-2025-69024
6.5 MEDIUM

Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: from n/a through <= 4.6.7.

Dec 30, 2025
CVE-2025-69023
4.3 MEDIUM

Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Discussion Board: from n/a through <= …

Dec 30, 2025
CVE-2025-69022
5.4 MEDIUM

Missing Authorization vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HR …

Dec 30, 2025
CVE-2025-69021
5.4 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7.

Dec 30, 2025
CVE-2025-69020
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through …

Dec 30, 2025
CVE-2025-69019
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlippingBook FlippingBook flippingbook allows DOM-Based XSS.This issue affects FlippingBook: from n/a through <= …

Dec 30, 2025
CVE-2025-69018
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: …

Dec 30, 2025
CVE-2025-69017
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Stored XSS.This issue affects RestroPress: from n/a through <= …

Dec 30, 2025
CVE-2025-69016
4.3 MEDIUM

Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and …

Dec 30, 2025
CVE-2025-69015
3.8 LOW

Missing Authorization vulnerability in Automattic Crowdsignal Forms crowdsignal-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crowdsignal Forms: from n/a through <= 1.7.2.

Dec 30, 2025
CVE-2025-69014
4.9 MEDIUM

Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through <= 1.3.7.

Dec 30, 2025
CVE-2025-69013
4.3 MEDIUM

Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stratum: from n/a through <= 1.6.1.

Dec 30, 2025
CVE-2025-69012
4.3 MEDIUM

Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through <= …

Dec 30, 2025
CVE-2025-69010
5.3 MEDIUM

Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through <= 1.3.5.

Dec 30, 2025
CVE-2025-69009
5.3 MEDIUM

Missing Authorization vulnerability in kamleshyadav Medicalequipment medicalequipment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Medicalequipment: from n/a through <= 1.0.9.

Dec 30, 2025
CVE-2025-69008
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Inboxify Inboxify Sign Up Form inboxify-sign-up-form allows Stored XSS.This issue affects Inboxify Sign …

Dec 30, 2025
CVE-2025-69007
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping …

Dec 30, 2025
CVE-2025-69006
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atte Moisio AM Events am-events allows Stored XSS.This issue affects AM Events: from …

Dec 30, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.