CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-69235
7.5 HIGH

Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.

Dec 30, 2025
CVE-2025-69234
9.1 CRITICAL

Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.

Dec 30, 2025
CVE-2025-15214
2.4 LOW

A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the …

Dec 30, 2025
CVE-2025-69217
7.7 HIGH

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and …

Dec 30, 2025
CVE-2025-15213
4.3 MEDIUM

A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the …

Dec 30, 2025
CVE-2025-15212
6.3 MEDIUM

A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the …

Dec 30, 2025
CVE-2025-15211
6.3 MEDIUM

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the …

Dec 30, 2025
CVE-2025-68499
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= …

Dec 30, 2025
CVE-2025-68498
6.5 MEDIUM

Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through <= 2.2.12.

Dec 30, 2025
CVE-2025-68120
5.4 MEDIUM

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

Dec 30, 2025
CVE-2025-68040
6.5 MEDIUM

Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from …

Dec 30, 2025
CVE-2025-68036
7.5 HIGH

Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through <= 1.1.27.

Dec 30, 2025
CVE-2025-23554
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page …

Dec 30, 2025
CVE-2025-23550
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kemal YAZICI Product Puller product-puller allows Reflected XSS.This issue affects Product Puller: from …

Dec 30, 2025
CVE-2025-23469
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sleekplan Sleekplan sleekplan allows Reflected XSS.This issue affects Sleekplan: from n/a through <= …

Dec 30, 2025
CVE-2025-23458
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rakessh Ads24 Lite wp-ad-management allows Reflected XSS.This issue affects Ads24 Lite: from n/a …

Dec 30, 2025
CVE-2025-15210
6.3 MEDIUM

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of …

Dec 30, 2025
CVE-2023-41656
5.4 MEDIUM

Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7.

Dec 30, 2025
CVE-2023-32238
5.4 MEDIUM

Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.

Dec 30, 2025
CVE-2025-15284
3.7 LOW

Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. Summary The arrayLimit option in qs did not enforce …

Dec 29, 2025
CVE-2025-15209
6.3 MEDIUM

A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the …

Dec 29, 2025
CVE-2025-15208
7.3 HIGH

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. …

Dec 29, 2025
CVE-2025-68860
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder mobile-builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through …

Dec 29, 2025
CVE-2025-68607
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field …

Dec 29, 2025
CVE-2025-68562
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a …

Dec 29, 2025
CVE-2025-68504
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through <= …

Dec 29, 2025
CVE-2025-68503
6.5 MEDIUM

Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through <= 2.4.7.

Dec 29, 2025
CVE-2025-68502
4.3 MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup jet-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through <= …

Dec 29, 2025
CVE-2025-15207
7.3 HIGH

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/view_products.php. The manipulation of the argument …

Dec 29, 2025
CVE-2025-15206
7.3 HIGH

A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the …

Dec 29, 2025
CVE-2025-69205
6.3 MEDIUM

Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts …

Dec 29, 2025
CVE-2025-15205
6.3 MEDIUM

A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation …

Dec 29, 2025
CVE-2025-15204
2.4 LOW

A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross …

Dec 29, 2025
CVE-2024-27480
9.8 CRITICAL

givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.

Dec 29, 2025
CVE-2024-25183
7.5 HIGH

givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.

Dec 29, 2025
CVE-2024-25182
9.8 CRITICAL

givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.

Dec 29, 2025
CVE-2025-69202
6.5 MEDIUM

Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor …

Dec 29, 2025
CVE-2025-15203
2.4 LOW

A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site …

Dec 29, 2025
CVE-2025-15202
2.4 LOW

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross …

Dec 29, 2025
CVE-2025-14175
6.5 MEDIUM

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and …

Dec 29, 2025
CVE-2024-30855
8.8 HIGH

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.

Dec 29, 2025
CVE-2024-25181
9.1 CRITICAL

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from …

Dec 29, 2025
CVE-2025-68706
9.8 CRITICAL

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to …

Dec 29, 2025
CVE-2025-68431
6.5 MEDIUM

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path …

Dec 29, 2025
CVE-2025-67255
8.8 HIGH

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.

Dec 29, 2025
CVE-2025-67254
7.5 HIGH

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.

Dec 29, 2025
CVE-2025-15201
3.5 LOW

A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes …

Dec 29, 2025
CVE-2025-15200
2.4 LOW

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in …

Dec 29, 2025
CVE-2025-15199
6.3 MEDIUM

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of …

Dec 29, 2025
CVE-2025-14728
6.8 MEDIUM

Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written …

Dec 29, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.